Code Red will be around 'forever', warns the security expert who has detected a new variation of the Code Red II worm
A new permutation of the Code Red II worm was discovered on Friday, and experts say that Code Red is now unlikely ever to disappear.
The new variant has been dubbed CodeRed.d, and exploits the same Index Server flaw in Microsoft's IIS software as the initial Code Red. According to Roger Thompson, technical director of malicious code research at anti-virus firm TruSecure, who detected the variant, the appearance of a new worm indicates that we are stuck with the Code Red problem "forever".
"This is pretty much noise level for Code Red II and CodeRed.d -- it's not going to get any better or worse, and will stay like this forever," said Thompson. "Those machines that have not yet been patched never will be, meaning that the worm is here to stay."
CodeRed.d is nearly identical to its predecessor, except for two minor pieces of code that make it slightly more malicious. But in the new variant, the string of code is replaced with underscore characters, meaning that both Code Red II and CodeRed.d can re-infect the same machine at once. "People won't notice, but it will be banging out twice as many attempts to attack other PCs," said Thompson. "It randomly selects a range of addresses to attack other machines -- each worm will be churning out 300 threads to try and infect 300 different addresses at any one time."
And CodeRed.d can target a greater spread of IP addresses than could earlier versions of Code Red, added Thompson. "But this is mitigated by those who have patched their machines."