A new, more virulent strain of Code Red has surfaced to strike systems worldwide. It appears to hold a particular dislike for Chinese computers. Researchers discovered the recent variant of the malicious computer program on Saturday. The Internet worm that reportedly attacked about 650,000 servers worldwide was discovered in the middle of last month. It sparked a concerted call last week from United States officials for security technicians to patch vulnerable Web servers to prevent the Internet from stumbling to a halt. The new version of Code Red, named after a soft drink favoured by technicians who discovered it, inserts malicious code that allows files to be stolen. It also seems to be twice as active on Chinese-language servers as other language systems, as opposed to others that have attacked only English servers. All variants of the worm attack Microsoft Internet Information Services (IIS) Web servers, but this version treats Windows 2000 and NT systems differently. The company that discovered Code Red, eEye, warned this version's code would run only on a Windows 2000 system with a vulnerable server. Any IIS server based on Windows NT would crash when it attempted to execute the code, the Web site of the System Administration, Networking and Security Institute said. Anti-virus company Symantec said it had reports from around the globe about the threat on Monday, including one from Hong Kong, and expected more. 'I'd expect to come into work and see greater numbers' this morning, predicted David Banes, Asia-Pacific manager of Symantec's regional anti-virus centre. The original version defaced Web sites with the words 'Hacked by Chinese!' in red text, though this feature has disappeared from new strains. The new worm drops 'trojan' code on the infected server, which opens a back door to allow remote attackers to control the compromised server. Ian Hameroff at Computer Associates said: 'What's particularly troublesome about this new variant of Code Red is its ability to open up an infected computer system completely to the Internet. 'This means that an intruder could browse and even download files from a company's Internet server that hasn't been patched to defend against Code Red.' An alert on the Web site of information security firm Network Associates said the re-written worm also checked to see if traditional or simplified Chinese was the installed language, then propagated for longer. If the language was Chinese, the new Code Red created 600 threads and spreads for 48 hours, as opposed to making 300 threads and flying around for 24 hours on a non-Chinese server, the site said. Mr Banes said: 'It sort of doubles up on what it does if it's Chinese.' Hong Kong's Computer Emergency Response Team (Cert) had no reports of the new strain, consultant Patrick Li said. Companies voluntarily register their complaints with the Internet threat-tracking and education centre. The Cert received a total of three reports of the older Code Red versions by the end of last week, Mr Li said. The previous worms were set to spread for the first 20 days of every month, and then attack the Web site of the US White House in an attempt to shut it down, slowing the Internet in the process. Last time, the White House took precautions by changing its Internet protocol, or numerical, Web address. Sircam, another worm discovered last month, has been making e-mail rounds in the SAR. The Cert has registered 46 attacks by Sircam, which is spread by e-mail and attacks personal computers, unlike Code Red.