The answer to Code Red's menace could be right under our noses - a virus designed to hunt out the exploit installed by the Code Red worm and apply the relevant patches.
Most of the recent attacks in New Zealand are regional - from Asian countries. Auckland-based internet consultant Dylan Reeve says the new version of the worm generally attacks within the same subnet, "which means I'm getting attacks from only a few of the hosts that are infected, but they're all coming from nearby addresses."
Greg Munro, general manager of SecureIT, an Auckland-based online security firm, says New Zealand is being hit in a sustained manner from countries like Korea, China and some other South-East Asian countries.
He says part of the problem is that these countries have a high incidence of pirated software. "I wonder if they're not hiding from Microsoft and therefore not patching their software because it's a copy."
One solution to such concerns could be to build a worm that would seek out the exploit used by Code Red and simply apply the Microsoft patch, either with a warning to the user or without their knowledge. Both Reeve and Munro have seen online discussion about such a possibility.
Reeve says there are, of course, "ethical issues to be considered" and Munro points out the possible bandwidth complications of releasing an anti-virus worm onto the net.
"This is how the Morris worm, the very first one, was cleaned up. They wrote a piece of software that went out looking for the virus and sorted it out," Munro says. The Morris Internet Worm was released in 1988.
Munro says the latest version of Code Red is still going strong and the kind of wave-like distribution model the worm has displayed will be common in the future.
"This has happened before - someone's come along and taken the original virus, left the shell behind and tucked in a new payload that's caused another wave of attacks."
Now that there are tools that allow less technically minded people to dissect things like viruses, there will be those willing to relaunch a virus with a different header or payload to cause even more trouble.