'Chinese' virus targets Microsoft security hole

By Staff and reports

HONG KONG, China (CNN) -- A new Internet virus of allegedly Chinese origins has launched a worldwide assault on Microsoft.

The Code Red worm targets a well-known security hole in Microsoft Internet Information Server 4.0 and 5.0 that is also found in PCs running Windows NT 4.0 and Windows 2000.

Security experts say the worm exploits the Microsoft flaw, allowing hackers to run code of their choice.

'Hacked by Chinese'

Code Red defaces English-language web sites hosted by the PCs it infects with a message "HELLO! Welcome to http://www.worm.com! Hacked by Chinese!"

The origin of the worm is not clear.

"Based on (the message) we can't say it's released by China, but is directly pointing to the Chinese," said Abby Tang, a security expert at Network Associates in Hong Kong.

Tang also told CNN that cases of Red Code infection are rapidly increasing.

"It is definitely escalating very fast," said Tang.

"Yesterday it was a low risk worm, and today it's on a medium watch. That means it is possible it will get worse."

Network Associates, which sells the McAfee antivirus software, has upgraded the risk level of the virus based on two factors: its level of infectiousness and the level of damage it can inflict on host computers. Estimates on exactly how many computers have been infected by the virus vary.

Marc Maiffret, chief hacking officer at eEye Digital Security, told Reuters that 12,000 computers around the world had been infected with the Code Red worm.

But another estimate from the System Administration, Networking and Security Institute put the number of infected PCs at around 200,000.

Maiffret and his associates discovered the Microsoft security hole in June, prompting the software giant to release a patch to prevent infection from the worm.

"The best way to fight this virus is go to the Microsoft web site and get a patch for the index server," advised Network Associates' Tang.

Reuters contributed to this report.