The Code Red Worm

The Code Red Worm's only effect on Clarke Computer's server will be that you will see some(lots?) requests for x.ida and default.ida in the error and referrer logs. It is a worm for Microsoft servers(though it affects some Cisco products).

If it causes so much traffic that the network is overloaded, you won't be able to get to the server(or much of anything else either!).

If your DSL router is a Cisco and isn't patched, then you will probably lose connectivity also. The following is supposed to fix it:

    set web disable
    set web remote 10.0.0.1
    set web port 8000
    write
    reboot

If you are infected, what you need to do depends on which strain you have. For Code Red I, reboot the machine to get rid of the worm, apply the patch from Microsoft and reboot again. For II, you will need to reverse the changes shown in the Note from CERT

You can get more information about it at:

• CERT's note on II
• CERT's Update on the worm - 8/1/01
• CERT's original advisory on the vulnerabilityA - 6/19/01
• CERT's notice of continued threat - 7/26/01
• Microsoft's bulletin on the vulnerability
• The effect on Cisco routers
• SANS Institute's FAQ on the Code Red Worm