The new version of Code Red that is currently doing the rounds has an added twist - a "Back Orifice" like trojan backdoor that would allow the virus writer to access and control the infected server.
"The original Code Red had a payload that will cause a denial of service attack on the White House web server. The variant called Code Red C has a different payload that allows the hacker to have full access of the web server remotely," says a Symantec press release, and New Zealand country manager Richard Batchelar says the company is treating it seriously.
"We haven't had much feedback yet, and what we've had is mostly from companies that are concerned about it rather than reporting it, but it is potentially very nasty," Batchelar says.
Code Red is a worm that attacks a known hole in Microsoft Internet Information Server (IIS) software versions 4.0 and 5.0. A patch has been available for more than a month, however over 300,000 servers were infected in the first 10 hours of the virus's attack last month.
The second wave of attacks, started on August 1, got off to a slow start, but racked up over 100,000 infected servers.This version, dubbed Code Red III or C, exploits the same "buffer overflow" exploit as the original worm but has the new payload.
"If you've patched your server against Code Red then that will still apply for this version. Of course, virus definition upgrades should also be applied," Batchelar says.