Computer security experts announced yesterday that a new worm is infecting Web servers running Microsoft's Internet Information Server software. The worm, dubbed 'Code Rainbow' or 'Nimda,' takes advantage of an array of security holes exploited or created by previous worms.
Unlike those worms, however, it also spreads via email, posing as an attached audio file named 'readme.exe'. (The file is labeled as an audio file, even though it has the '.exe' extension associated with programs.) Users who open this attachment could help spread the worm and open their computers to infection.
Code Rainbow also modifies Web pages on infected computers such that users visiting those pages will be prompted to download an Outlook e-mail file, with the extension '.eml,' containing the worm.
UW-Madison's BadgIRT incident response team has posted information on its Web site and have started filtering WiscWorld e-mail for the virus.
Microsoft recommended that IIS users patch their systems as soon as possible. More information is available from Microsoft's Web site.
