Re: [iwar] China Skeptical Code Red PC Worm of Chinese Origin

From: e.r. (fastflyer28@yahoo.com)
Date: 2001-08-01 07:10:20




--- Fred Cohen <fc@all.net> wrote:
> JUL 31, 2001
> China Skeptical Code Red PC Worm of Chinese Origin
> By REUTERS
> Filed at 8:27 a.m. ET
> 
> BEIJING (Reuters) - A Chinese network safety official
> said on Tuesday the fast-spreading ``Code Red''
> Internet worm, which disrupted U.S. government Web
> sites last week, was probably not made in China,
> despite Web site defacings that said ``Hacked by
> Chinese.''
> 
> The Code Red worm, which U.S. officials said was
> likely to reemerge at 8 p.m. EDT Tuesday and wreak
> havoc on the Net, had surfaced little in China and
> appeared too sophisticated to be the work of Chinese
> hackers, the official said.
> 
> ``I've never heard of anything so powerful in China.
> This is not something that an ordinary person has the
> skill to create,'' said the expert at the State Office
> of Network and Information Safety who gave his surname
> as Fang.
> 
These centralized state comp organizations along with Beijing Rising are
China's Top Guns on Iwar.  This could be some of the best OPSEC, or
disinformation in the float, but I doubt it.  While China has good CS
people, the majority of whom we trained, it has fiscal limits and
governmental lack of understanding.  Unless the Boys from Beijing see
you as a huge value added, you will be treated as a mass of analysts,
no room for young guns with US training to show their stuff
individually, for the most part.

No question that Code Red is Bad Stuff but unless we have a better
handle on who and why, we are still just fighting fires, unless a
large cash infusion for this problem is forthcoming.

> Ronald Dick, director of the FBI's National
> Infrastructure Protection Center (NIPC), said the worm
> had infected more than 250,000 computer systems on
> July 19, a day of heavy attacks.
> 
> Computer Associates International Inc
> (CA.N) said in a statement the worm had already
> affected 300,000 systems worldwide.
> 
> 
> 
> NO CHINA IMPACT
> 
> Hundreds of U.S. Web firms got a taste of Chinese
> patriotic vandalism when a hacker war flared between
> Americans and Chinese after an April 1 collision
> between a U.S. spyplane and a Chinese fighter.
> 
> In last week's Code Red hits, some U.S. government
> sites showed the message ``Hacked by Chinese,'' using
> a popular term for illegally breaking into a computer
> system.
> 
> But the virus had virtually no impact in China,
> according to the government-run Computer Virus
> Treatment Center in Tianjin, 60 miles east of Beijing.
> 
> ``We haven't received any calls about it,'' said Liang
> Hong, a spokeswoman for the center.
> 
> The worm installs itself on servers, then slows
> government and other Web sites with a blitz of
> download requests.
> 
> Because it spreads uncontrollably after being
> transmitted, the worm would have surfaced more in
> China if it had been created by a Chinese person, said
> a technical support manager at Beijing Rising
> Technology Corp Ltd, a virus protection company.
> 
"Rising" is the govt secondary site, and if I am not mistaken, they are
doing more of the virus, or worm creation.  The Computer Center above
is a mass data analysis and to an extent disinformation site - Tony or
Fred, is this correct?  As noted above, neither have much money, albeit
IWAR only requires OK equipment, but well-trained people - that is where
American universities come in and we have slowed down on student visas
and finally started to understand the Chinese game plan.

> ``The virus has had more of an effect in Europe and
> the United States,'' said the manager, who asked not
> to be identified.
> 
> Two of the three known variants of the Code Red worm,
> named after a caffeine drink favored by computer
> programmers, showed no obvious vandalism or Chinese
> characteristics.
> 
> But an unrelated e-mail virus named W32.Sircam that
> surfaced earlier this month was spreading in China.
> 
> Liang said the center had been told of at least 20
> confirmed cases of the file-deleting virus, which
> security experts in the United States had said earlier
> in July spread to 50 countries.
> 




This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:38 PDT