[iwar] [fc:Code-Blue-Worm]

From: Fred Cohen (fc@all.net)
Date: 2001-09-07 06:14:29


To: iwar@onelist.com (Information Warfare Mailing List)

<http://www.reuters.com/news_article.jhtml?type=internetnews&StoryID=203974>

Web Woes Return to China with 'Code Blue' Worm

Last Updated: September 07, 2001 01:43 AM ET

BEIJING (Reuters) - A new Internet worm has emerged in China akin to the
"Code Red" worm, which caused $2.4 billion in estimated cleanup costs on
Internet-linked computers last month, a computer security expert said on
Friday. 

The "Code Blue" worm has similarities with the Code Red worm, which
caused widespread problems, said a worker at the police-run Computer
Virus Treatment Center in Tianjin, about 54 miles from Beijing. 

"We've already gotten hold of the virus and we're analyzing it," said
the worker, who declined to be named. 

He said his office had no estimate of how many computers or servers had
been infected with the new worm. 

In the United States, the first Code Red worm infected more than 250,000
systems in just nine hours on July 19, shortly after it was first
reported, according to the National Infrastructure Protection Center at
FBI headquarters. 

In August, a second version of the worm emerged, preying on computers
and servers linked to the Internet running a version of Microsoft Corp
software called Internet Information Server (IIS).  The Code Red II
infected thousands of computers worldwide and prompted China's Ministry
of Public Security to issue a public warning. 

ORIGIN STILL UNKNOWN

But the Code Red II worm faded away as people downloaded free patches
from the Microsoft Web site which plugged the hole the worm used to
enter computers. 

According to the Ministry of Public Security, Code Red II struck more
than 1,000 servers in China by August 22 in more than 20 provinces and
cities.  But experts believe the real figure is much higher. 

The worker at the center in Tianjin said the Code Blue worm infects
computers by exploiting a different weakness in the software from the
Code Red viruses. 

The Code Blue worm, which is the work of a mischievous computer expert,
slows infected computers, which eventually crash, the official Xinhua
news agency said. 

Last month, a nonpartisan investigative arm of the U.S.  Congress, the
General Accounting Office, said in written testimony that the Code Red
virus was believed to have started at a university in Guangdong, China. 
Asked about the congressional report, Navy Captain Robert West of the
Joint Task Force for Network Operations, responsible for defending the
U.S.  military's information infrastructure, said the Defense Department
was "not ready to attribute the Code Red worm to any specific actor at
this point."

A spokeswoman for the FBI-led infrastructure protection center, Debbie
Weireman, said the Code Red worm and successors known as Code Red II and
SirCam were still under investigation. 

© Copyright Reuters 2000.  All rights reserved.  Any copying,
re-publication or re-distribution of Reuters content or of any content
used on this site, including by framing or similar means, is expressly
prohibited without prior written consent of Reuters.


------------------
http://all.net/ 




This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:40 PDT