Is a worm in the hand worth two in the Bush?
Published: 31 July 2001 13:10 GMT
The Code Red worm could be the latest in a series of politically motivated attacks from virus writers in China.
Eric Chien, chief researcher at security vendor Symantec, told silicon.com it was "most likely" Code Red originated in China.
Although official reports claim it's improbable the worm came from within the People's Republic, Chien said: "There is no ground zero infection for this, so it is impossible to be 100 per cent on where it came from, but all the signs point to this originating from China."
Code Red, which is due to restart attacking servers from 20:00(ET) - 01:00(BST) on Wednesday morning - leaves the message "Hacked by Chinese!" on infected sites.
However, a report on Reuters today said the worm could not have originated in China.
A Chinese security expert claimed: "One thing I can be sure of is that it was not created by a Chinese person. Its appearance and its spreading did not start in China."
He cited the fact that no reports of the worm have emerged in the People's Republic to support his case.
However, Chien dismissed the report and said the fact there were no reports of the virus in China was no indication that it didn't originate there.
He added: "Firstly, the writer could have directed the worm against a US server. Secondly the worm only infects American-language versions of Microsoft's software, so it specifically targets US sites."
US websites have been beset by politically-motivated hacking attempts from China since the diplomatic fracas between the two countries following the US spy plane incident in April.
Most of these hacks have attacked US government websites.
The Code Red worm exploits a vulnerability in servers running Microsoft's IIS web-server software, for which a patch is available.
The worm works by inundating vulnerable web servers with the malicious program, causing a massive increase in web traffic and forcing sites to go down under the weight of information.
Last week Code Red forced several US government websites to close. Although the worm is currently dormant, it is programmed to start re-infecting servers later today.
The US government, FBI and Microsoft yesterday warned the worm could bring the internet to a grinding halt when it reactivates itself early Wednesday morning.
Keywords: Oracle, Financials, Functional, AP, AR, GL, CM, R12, 12.1, eTax, China, Chinese, Japan, We need Chinese speakers or Japanese speakers ...
Job Title: Business Systems Architect - Financial MarketsDepartment: Systems Management Division, Financial Markets DepartmentReport to: GM Office of ...
Anti-Virus & Encryption Design Consultant, McAfee Specialist, Public Sector, London Our Public Sector client requires an Anti-Virus & Encryption ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Nick Heath Your top HR tech priorities for next year revealed How to make human resources IT work for you
Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business