A New CodeRed Modification Carries a Trojan in Its Pocket

05 Aug 2001
Virus News

Kaspersky Lab, an international data-security software developer, announces the detection of a new variant of the "CodeRed" ("Bady") Internet worm. Unlike the two previous worm variants, CodeRed.c installs a Trojan program on an infected computer that opens general access to C: and D: drives. A new approach to choosing IP addresses is also included in the latest variant when attacking a system. As is known from the earlier CodeRed variants, the worm selected addresses randomly in such a way that the numerous attempts at penetration were thwarted from the start, whereas now, this method occurs only 1 out of 8 times. As concerns the rest of the occurrences, the target-computer IP address is based on the originating computer's IP address, which perpetrates the attack.

Kaspersky Lab has not yet received any reports of CodeRed.c having been detected "in the wild."

You can read a more in-depth description of the CodeRed worm in the Kaspersky Virus Encyclopedia.