New worm infects the net

Machines patched against Code Red are safe against the new worm

A new worm has started to make its presence felt on the internet.

The malicious program works much faster than Code Red, and does a better job of finding vulnerable computers - but it is unlikely to clog the wires as successfully as Code Red.

This new threat is more dangerous than the previous version of Code Red, though it is still unlikely to affect the whole internet infrastructure in the short term

UK Government agency

The new worm could be hobbled because it exploits the same vulnerability that many machines have closed since Code Red started stalking the net.

If it does manage to compromise a system, the worm installs a Trojan that could give malicious hackers control of the infected system, UK Government scientists warned.

Web worm II

The panic over Code Red began when a variant of the original worm infected more than 250,000 machines in only a few hours, prompting fears that a global web slowdown would result if the worm was not contained.

Analysis after the outbreak revealed that the web traffic jams attributed to Code Red were due to a train crash in a tunnel that severed key net cables.

Now, new warnings are being issued about another variant of a web worm, which was first detected on Saturday.

"We are aware of at least two variants of the computer worm making their way now," said a spokeswoman for the FBI's National Infrastructure Protection Center in the US.

The UK's Unified Incident Reporting and Alert Scheme (Uniras) said on Sunday: "This new threat is more dangerous than the previous version of Code Red, though it is still unlikely to affect the whole internet infrastructure in the short term."

However, it warned: "The installation of the Trojan code will allow unpredictable use to be made of the infected systems in future."

Spreads locally

What stopped Code Red spreading more effectively was the sluggish way it searched out new systems to infect. Uniras said the new worm did a better job of spreading because it looked for other computers sharing the same network as the machine it was working from.

"Localised segments of the internet could be affected and performance degraded, and this might have serious consequences for communities of users affected," Uniras said.

The Pentagon closed its public facing sites over Code Red fears

However, the worm cannot infect as many computers as Code Red because it only targets machines using Windows 2000 and running Microsoft Internet Information Server (IIS). Since Code Red started circulating, many of these machines have had a patch installed that stops them being infected.

Systems protected from Code Red are safe against the new worm. The patches are available from Microsoft's website.

The over-played warnings about last week's Code Red outbreak have led some anti-virus companies worrying that the hype could have caused people to become complacent and do nothing about continuing security problems plaguing the net, including the new worm.

"There's been more hype than havoc," Graham Cluley, of anti-virus company Sophos. "There will be some people that did not patch themselves earlier and say now they do not have to bother."