Code Blue kicks Code Red out of bed

Code Blue is a more virulent strain of the Code Red virus, protecting itself from other versions of the worm and reinfecting servers previously infected by its Code Red predecessor, according to Glenn Miller, MD of security software specialist Janteknology.

-It's a lot trickier than reiterations we've seen previously. It kicks out Code Red and is doing its own thing," Miller told ZDNet Australia. -There's no reason to hit the panic button. None of this is skies falling in stuff...but it's building."

Activity levels of malicious incidents are increasing worldwide, with China -- Code Blue's first port of call - up to 300,000 incident threats today from yesterday's 270,000, according to Miller.

The incident rate in Australia, which ZDNet reported to be around 32,000 yesterday, has gone up marginally and incidents in the US have broken the million barrier, Miller claims.

Code Blue is much more malicious than its red counterpart. It doesn't die when a system is shut down, re-activating itself every time an infected computer is booted up. It also downloads extra files from the already infected servers and recreates them in the C-drive of the system it goes on to infect. These files include maliciously modified versions of genuine files found in Windows, Miller said.

Code Blue also goes on to issue a denial of service attack against the Web site of Network Security Focus (NSFocus) - a Chinese network security provider.

The fact that it reinfects servers previously blasted by Code Red is also an issue, as there are a lot of servers out there still infected due to organisations' negligence or apathy, according to Miller.

"Infected servers are going to get a kick in the backside this time," Miller said. -This is not an arm's length problem, it's an in-house problem. These servers are going to start melting down."

• Related stories

• Alerts

Add your opinion

1. What a crap article. Do you even have a degree in journalism? This is just propaganderish bullshittery to the max. You quoted every other web source and then put in some dull commentary of your own. Nice work! Anonymous -- 11/09/01

   What a crap article. Do you even have a degree in journalism? This is just propaganderish bullshittery to the max. You quoted every other web source and then put in some dull commentary of your own. Nice work!

   • Reply to comment
   • Reply to story
   • Report offensive content

2. Thanks for the nice commentary anonymous poster. I am always vaguely suspiscious of anyone who doesn't have the guts to reveal who they are. As for the article, I don't mind being able to find out information in one concise article. J Anonymous -- 11/09/01

   Thanks for the nice commentary anonymous poster.
   
   I am always vaguely suspiscious of anyone who doesn't have the guts to reveal who they are.
   
   As for the article, I don't mind being able to find out information in one concise article. Journalism tends to focus on the rehashing of what anyone says anyway, so why expect any different about zdnet?

   • Reply to comment
   • Reply to story
   • Report offensive content

3. What would be even better is some advice to help me find the patch or prevention that I need to stop my system getting infected. Anonymous -- 11/09/01

   What would be even better is some advice to help me find the patch or prevention that I need to stop my system getting infected.

   • Reply to comment
   • Reply to story
   • Report offensive content

• Just In

• Most Popular

• Most Discussed

Hot Spot - What's Important

Driving Business Growth Through Enterprise IT Management
Dig deeper by clicking here »

Achieve continuous availability with high performance NonStop blade technology

Looking to buy a printer? Our superguide rates the latest printers and shines a light into the industry.

When chief information officers and other technology managers talk about their priorities, security is always high on the list.

Principles for a successful business

Reader Services

Popular Topics

Essentials