The Code Red worm is reported to have infiltrated computers in the UAE, bringing with it the possibility of disrupted IT systems and internet traffic, industry sources said on Wednesday.
One concern is that many PCs which may have been infiltrated may not be connected to the network because their users are away on vacation, the sources told the Gulf News.
In that scenario, the worm, smart enough to outwit anti-virus defenses not regularly updated, will remain idle and start corrupting the systems only when the PCs are switched back on.
Code Red affects the Microsoft Index Server 2.0 and the Windows 2000 Indexing service on computers running Windows NT 4.0 and Windows 2000, that run IIS 4.0 and 5.0 Web servers. The worm uses a known buffer overflow vulnerability contained in the file Idq.dll.
"It's really too early to say what the overall impact will be. We have started receiving a few mails carrying this bug, which, by its manner, may prove as harmful as the Love Bug earlier," said Fery Rashoudi, software products manager at the Dubai-based Tech Data.
"This issue highlights the need to be regularly on the alert and update one's anti-virus software."
Two versions of this worm have been seen - the second does not deface Web pages. The one that defaces the Web page pastes the message "Welcome to http://www.worm.com! Hacked By Chinese!"
The hook lasts for 10 hours and is then removed. However, re-infection or other threads can re-hook the function. At its most potent, the worm can compromise passwords and overload e-mail servers.
“Code Red has two trigger dates and payloads," another source said.
The first payload is triggered when the current system date is between 20 and 28. The second goes off if the system date is less than 20.
Also, many Emirati organizations have heeded the several warnings put out by the IT industry about Code Red and the consequences, said the paper.
According to Microsoft, there have been over a million downloads of the patch, a substantial increase over the 400,000 as of last Monday – Albawaba.com
© 2001 Al Bawaba (www.albawaba.com)
