The Lab's Computer Protection Program has information about the Code Red worm on its Web site. The posting provides information on how to protect your server, what to do if your server becomes infected and a general description of the worm, which first emerged in mid-July and spread faster than any other worm in recent Internet history. The worm continues to be active with the Lab recording thousands of attempted infections each day, and there's also now a new variant that's more malicious.

A new version of Code Red, Code Red II, has already infected several Windows systems at LBNL. It is similar to the original version of the Code Red worm, except that it installs a back-door program on infected machines that enables remote hackers to control them. It also installs special mappings that this worm needs. Because of these changes in infected systems, cleaning up a system from Code Red II requires doing more than simply rebooting an infected server. Microsoft has released a utility that not only removes Code Red II from the infected system's memory, but also deletes the back door program and the special mappings. It also can permanently disable Microsoft Internet Information Server (IIS) on the server if you choose to do this. You can obtain this tool from Microsoft.