The mainstream press is whipping up fears about a new variant of the CodeRed virus/worm called CodeRed.F. I’ve already seen a few well-meaning souls post warnings implying that this new threat can strike people running any version of Windows. Well, not exactly.
As always, Symantec Security Response has a prompt and timely explanation of what CodeRed.F can and can’t do.
Here’s the bottom line: This virus, like the original CodeRed, affects only computers that are running Internet Information Services — in other words, those that are acting as Web servers. If you are using a normal desktop configuration of Windows, you need not take any special precautions.
Of course, some people actually do run IIS (or its older baby cousin, Personal Web Server), so that they can deploy their Web pages onto a local test site before going live with them. If you’ve installed IIS or PWS on your computer, you’re potentially vulnerable. (Not sure whether you’re running your own Web server? Type http://localhost in your browser. If it returns a Server Not Found error message, you’re safe.)
Of course, anyone running IIS should be especially vigilant about installing security patches for it. In particular, patch MS01-33 and patch MS01-44, both of which were released in summer 2001 (nearly two years ago!), protect against this infection. Norton AntiVirus signatures from August 2001 (and those of virtually every other leading AV software maker) also protect against it.
The real threat with this virus is that it is slowing down traffic on the Web as a whole because of all the servers around the world, especially in Europe and Asia, which have not had the proper patches installed.
Ed Bott 