Code Red Worm Reveals Flaws In Network Stewardship
The alternate variation of the worm has been described as a "mutated" incarnation of the original, but Maiffret said it doesn't mutate by itself.
"How that second version got out is really unclear," he said. "Whether it was the same person who wrote the first one or someone modified (it), we don't know. But it is a little more devious because the way it generates the IP address to attack is random, whereas the first one was in sequence.
"Also, the second one doesn't deface Web sites, so it's going to spread more quickly than the first one, and with stealth - which is not a good combination."
Maiffret said the total of more than 300,000 infected Web servers during the first outbreak doesn't illustrate the full power of a worm that might have been just getting rolling when it switched to White-House-attack mode late on the 19th.
The link for this article located at Newsbytes is no longer available.