Web woes return to China with "Code Blue" worm
September 07, 2001 01:34:00 AM ET
BEIJING, Sept 7 (Reuters) - A new Internet worm has emerged in China akin to the "Code Red" worm, which caused $2.4 billion in estimated cleanup costs on Internet-linked computers last month, a computer security expert said on Friday.
The "Code Blue" worm has similarities with the Code Red worm, which caused widespread problems, said a worker at the police-run Computer Virus Treatment Center in Tianjin, about 100 km (54 miles) from Beijing.
"We've already gotten hold of the virus and we're analysing it," said the worker, who declined to be named.
He said his office had no estimate of how many computers or servers had been infected with the new worm.
In the United States, the first Code Red worm infected more than 250,000 systems in just nine hours on July 19, shortly after it was first reported, according to the National Infrastructure Protection Center at FBI headquarters.
In August, a second version of the worm emerged, preying on computers and servers linked to the Internet running a version of Microsoft Corp (MSFT) software called Internet Information Server (IIS).
The Code Red II infected thousands of computers worldwide and prompted China's Ministry of Public Security to issue a public warning.
ORIGIN STILL UNKOWN
But the Code Red II worm faded away as people downloaded free patches from the Microsoft Web site which plugged the hole the worm used to enter computers.
According to the Ministry of Public Security, Code Red II struck more than 1,000 servers in China by August 22 in more than 20 provinces and cities.
But experts believe the real figure is much higher.
The worker at the centre in Tianjin said the Code Blue worm infects computers exploits a different weakness in the software from the Code Red viruses.
The Code Blue worm, which is the work of a mischievous computer expert, slows infected computers, which eventually crash, the official Xinhua news agency said.
Last month, a nonpartisan investigative arm of the U.S. Congress, the General Accounting Office, said in written testimony that the Code Red virus was believed to have started at a university in Guangdong, China.
Asked about the congressional report, Navy Captain Robert West of the Joint Task Force for Network Operations, responsible for defending the U.S. military's information infrastructure, said the Defence Department was "not ready to attribute the Code Red worm to any specific actor at this point".
A spokeswoman for the FBI-led infrastructure protection center, Debbie Weireman, said the Code Red worm and successors known as Code Red II and SirCam were still under investigation. REUTERS
© 2001 Reuters
