[iwar] China Skeptical Code Red PC Worm of Chinese Origin

From: Fred Cohen (fc@all.net)
Date: 2001-08-01 06:14:38



JUL 31, 2001
China Skeptical Code Red PC Worm of Chinese Origin
By REUTERS
Filed at 8:27 a.m. ET

BEIJING (Reuters) - A Chinese network safety official
said on Tuesday the fast-spreading ``Code Red''
Internet worm, which disrupted U.S. government Web
sites last week, was probably not made in China,
despite Web site defacings that said ``Hacked by
Chinese.''

The Code Red worm, which U.S. officials said was
likely to reemerge at 8 p.m. EDT Tuesday and wreak
havoc on the Net, had surfaced little in China and
appeared too sophisticated to be the work of Chinese
hackers, the official said.

``I've never heard of anything so powerful in China.
This is not something that an ordinary person has the
skill to create,'' said the expert at the State Office
of Network and Information Safety who gave his surname
as Fang.

Ronald Dick, director of the FBI's National
Infrastructure Protection Center (NIPC), said the worm
had infected more than 250,000 computer systems on
July 19, a day of heavy attacks.

Computer Associates International Inc
(CA.N) said in a statement the worm had already
affected 300,000 systems worldwide.



NO CHINA IMPACT

Hundreds of U.S. Web firms got a taste of Chinese
patriotic vandalism when a hacker war flared between
Americans and Chinese after an April 1 collision
between a U.S. spyplane and a Chinese fighter.

In last week's Code Red hits, some U.S. government
sites showed the message ``Hacked by Chinese,'' using
a popular term for illegally breaking into a computer
system.

But the virus had virtually no impact in China,
according to the government-run Computer Virus
Treatment Center in Tianjin, 60 miles east of Beijing.

``We haven't received any calls about it,'' said Liang
Hong, a spokeswoman for the center.

The worm installs itself on servers, then slows
government and other Web sites with a blitz of
download requests.

Because it spreads uncontrollably after being
transmitted, the worm would have surfaced more in
China if it had been created by a Chinese person, said
a technical support manager at Beijing Rising
Technology Corp Ltd, a virus protection company.

``The virus has had more of an effect in Europe and
the United States,'' said the manager, who asked not
to be identified.

Two of the three known variants of the Code Red worm,
named after a caffeine drink favored by computer
programmers, showed no obvious vandalism or Chinese
characteristics.

But an unrelated e-mail virus named W32.Sircam that
surfaced earlier this month was spreading in China.

Liang said the center had been told of at least 20
confirmed cases of the file-deleting virus, which
security experts in the United States had said earlier
in July spread to 50 countries.




This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:38 PDT