Russ Cooper reports that a new variant of the Code Red worm, called Code Red F, is spreading on the Internet. Cooper said in a message posted to the NTBugTraq mailing list that the worm was detected in Finland using the WormCatcher monitoring software. WormCatcher was developed by Security expert Roger Thompson and designed to detect previously unknown worms.
Cooper said that protecting against Code Red F variant is accomplished in the same way as protecting against the original Code Red worm: Remove Microsoft IIS from the box completely or remove script mappings, particularly .ida mappings, and apply the patch mentioned in Microsoft Security Bulletin MS01-033 "Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise."
