[iwar] From China with more love: Code Blue Worm

From: David Kennedy CISSP (david.kennedy@acm.org)
Date: 2001-09-07 04:44:59



"I'm melting, I'm melting....."

http://www.reuters.com/news_article.jhtml?type=internetnews&StoryID=203974

Web Woes Return to China with 'Code Blue' Worm
Last Updated: September 07, 2001 01:43 AM ET
BEIJING (Reuters) - A new Internet worm has emerged in China akin to the
"Code Red" worm, which caused $2.4 billion in estimated cleanup costs on
Internet-linked computers last month, a computer security expert said on
Friday.

The "Code Blue" worm has similarities with the Code Red worm, which caused
widespread problems, said a worker at the police-run Computer Virus
Treatment Center in Tianjin, about 54 miles from Beijing.

"We've already gotten hold of the virus and we're analyzing it," said the
worker, who declined to be named.

He said his office had no estimate of how many computers or servers had
been infected with the new worm.

In the United States, the first Code Red worm infected more than 250,000
systems in just nine hours on July 19, shortly after it was first
reported, according to the National Infrastructure Protection Center at
FBI headquarters.

In August, a second version of the worm emerged, preying on computers and
servers linked to the Internet running a version of Microsoft Corp
software called Internet Information Server (IIS).

The Code Red II infected thousands of computers worldwide and prompted
China's Ministry of Public Security to issue a public warning.

ORIGIN STILL UNKNOWN

But the Code Red II worm faded away as people downloaded free patches from
the Microsoft Web site which plugged the hole the worm used to enter
computers.

According to the Ministry of Public Security, Code Red II struck more than
1,000 servers in China by August 22 in more than 20 provinces and cities.

But experts believe the real figure is much higher.

The worker at the center in Tianjin said the Code Blue worm infects
computers by exploiting a different weakness in the software from the Code Red
viruses.

The Code Blue worm, which is the work of a mischievous computer expert,
slows infected computers, which eventually crash, the official Xinhua news
agency said.

Last month, a nonpartisan investigative arm of the U.S. Congress, the
General Accounting Office, said in written testimony that the Code Red
virus was believed to have started at a university in Guangdong, China.

Asked about the congressional report, Navy Captain Robert West of the
Joint Task Force for Network Operations, responsible for defending the
U.S. military's information infrastructure, said the Defense Department
was "not ready to attribute the Code Red worm to any specific actor at
this point."

A spokeswoman for the FBI-led infrastructure protection center, Debbie
Weireman, said the Code Red worm and successors known as Code Red II and
SirCam were still under investigation.
© Copyright Reuters 2000. All rights reserved. Any copying, re-publication
or re-distribution of Reuters content or of any content used on this site,
including by framing or similar means, is expressly prohibited without
prior written consent of Reuters.



