Our system has all the patches installed for Code Red. In the c:winntsystem32logfilesw3svc1 I still see a lot of GET default.ida, XXX and NNN. Microsoft could not guarantee me that the system was completely safe. What could be the problem?
For information on the Code Red virus
Fear factor: Malicious code and why the worst is yet to come
Code Red fizzles; but what about the next time?
New Code Red variant packs little punch
Bad traffic is here to stay
The problem is that Code Red will continue to try to infect your system, even if it cannot. The Code Red worm is programmed to try to infiltrate as many systems as possible. Once your systems are patched, it cannot do anything more than bang away at them.
There is a new patch out from Microsoft that you may want to look into -- look for the latest Cumulative Patch for IIS.
This was first published in August 2001