Virus writing group denies involvement with Code Red

August 8, 2001, 08:28 AM —  ITworld.com — 

Virus writing group 29A denied that any of its members created either the Code Red or the Code Red II worm. The denial came after a German media report pinpointed 29A as the brains behind the malicious Internet worms.

A Deutsche Presse Agentur (DPA) report said that 29A has been bragging on online chat rooms about unleashing Code Red onto the Net. DPA also described 29A as a Dutch hacker group.

"Some Chinese guy is responsible (for Code Red) not any 29A member," said a Spanish member of 29A using the alias VirusBuster in an e-mail interview. He added that 29A is not a hacker group, but a virus-writing group. Most members are from Spain and the Czech Republic; none are Dutch, he said.

Mikko Hypponen, manager of antivirus research at anti-virus software vendor F-Secure Corp., has investigated the source of both Code Red and Code Red II and said he "is pretty confident 29A is not involved with any version of Code Red" as they lack the traditional 29A signature.

"The string 29A exists in the code of Code Red II. It is a binary reference to the number 666. The string is part of the code that is executed and not something that was set apart as a signature. In viruses created by a 29A member the signature is not part of the code, but separate and is always in a special format," he said.

Experts and authorities worldwide are trying to determine who is responsible for Code Red and Code Red II. There is some speculation that the first version was made in China because the worm placed a message saying "hacked by Chinese" on infected systems. The economic cost of both worms has reportedly risen to nearly US$2 billion.

F-Secure's Hypponen thinks Code Red II was made in the U.S., by virus writers who believe the original Code Red came from China. Hypponen himself doesn't believe the original worm was created in China, although he doesn't have anything concrete to back that.

"This (Code Red II) is an anti-Chinese virus. It checks whether it has infected a Chinese machine and then doubles the spreading rate. We think Code Red II was made in the U.S. as a retaliation," said Hypponen.

Code Red is a self-propagating worm that exploits a buffer overflow in the Index Server ISAPI extension (idq.dll) of Microsoft Corp.'s Internet Information Server (IIS), the web server that ships with Windows 2000 and Windows NT. It scans the Internet for vulnerable systems and infects them by sending the exploit in an ordinary HTTP request for a .ida resource; the original Code Red runs entirely in the server's memory and writes nothing to disk. The volume of scanning traffic the worm generates can slow down the flow of information across the Internet.

The more dangerous Code Red II installs a "back door" in servers: it copies the Windows command shell (cmd.exe) into web-reachable script directories as root.exe and maps the server's drives to virtual web directories, so that anyone who knows the URL can run commands on the infected computer over HTTP without the usual passwords. Once in through the back door, attackers can gain control of the machine.

A patch for the flaw in IIS exploited by Code Red and Code Red II has been available from Microsoft since mid-June (security bulletin MS01-033, released June 18, 2001). Patching stops reinfection, but it does not remove what Code Red II has already left behind: a server infected before it was patched still carries the root.exe back door until the machine is cleaned.
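The two preceding paragraphs describe what Code Red and Code Red II look like on the wire: a request to the .ida Index Server extension padded with a long run of one letter (N for Code Red, X for Code Red II), and, for Code Red II, follow-up requests to the root.exe and /c, /d back-door paths. The following detector is an added example, not code from the article or from F-Secure. It assumes a reduced IIS W3C log field selection (date time c-ip cs-method cs-uri-stem cs-uri-query sc-status); the log lines are constructed for the example, with the shellcode after the padding abbreviated to a placeholder.

```python
"""Flag Code Red / Code Red II activity in IIS access-log lines.

Added example, not from the article. Assumed (reduced) W3C field layout:
date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
"""
import re
from collections import Counter

# Both worms hit the Index Server ISAPI extension (.ida/.idq) and pad the
# overflow with a long run of one letter: 'N' for Code Red v1/v2, 'X' for
# Code Red II. The real padding runs to a couple of hundred characters;
# a 100-character run is required here so truncated log fields still match.
IDA_STEM = re.compile(r"\.id[aq]$", re.IGNORECASE)
PADDING = re.compile(r"^([NX])\1{99,}")

# Code Red II copies cmd.exe to root.exe under web-reachable script
# directories and maps /c and /d to the C: and D: drives, so use of the
# back door shows up as plain GET requests for these paths.
BACKDOOR_STEM = re.compile(
    r"^/(?:scripts|msadc)/root\.exe$|^/[cd]/winnt/system32/cmd\.exe$",
    re.IGNORECASE,
)


def classify(line):
    """Return (label, client_ip) for a suspicious log line, or None."""
    fields = line.split()
    if len(fields) < 7:
        return None
    client_ip, stem, query = fields[2], fields[4], fields[5]
    if IDA_STEM.search(stem):
        m = PADDING.match(query)
        if m is None:
            # .ida hit without worm padding: a scanner or a hand-made probe
            return ("ida-probe", client_ip)
        return ("CodeRed" if m.group(1) == "N" else "CodeRedII", client_ip)
    if BACKDOOR_STEM.match(stem):
        return ("CodeRedII-backdoor", client_ip)
    return None


def summarize(log_text):
    """Count suspicious events per (label, client_ip) over a whole log."""
    counts = Counter()
    for line in log_text.splitlines():
        hit = classify(line)
        if hit is not None:
            counts[hit] += 1
    return counts


# Constructed sample log (not captured traffic). The %u-encoded shellcode
# that follows the padding in a real request is abbreviated to "%u9090...".
SAMPLE_LOG = "\n".join([
    "2001-08-04 10:15:02 192.0.2.10 GET /default.ida " + "N" * 224 + "%u9090...=a 200",
    "2001-08-04 10:16:40 198.51.100.7 GET /default.ida " + "X" * 224 + "%u9090...=a 200",
    "2001-08-04 10:20:11 198.51.100.7 GET /scripts/root.exe /c+dir 200",
    "2001-08-04 10:21:05 198.51.100.7 GET /c/winnt/system32/cmd.exe /c+dir+c:\\ 200",
    "2001-08-04 10:25:30 203.0.113.5 GET /default.ida - 404",
    "2001-08-04 10:30:00 203.0.113.9 GET /index.html - 200",
])

if __name__ == "__main__":
    for (label, ip), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{label:20s} {ip:15s} {n}")
```

Matching on the padding letter rather than on the exact shellcode bytes is deliberate: the letter distinguishes the two worm families, while variants that alter the payload would slip past a byte-exact signature. A hit on a back-door path from a host that also sent an X-padded .ida request is the pattern to treat as a confirmed Code Red II compromise rather than a mere probe.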

F-Secure, in Espoo, Finland, can be reached at +358-9-859-900 or http://www.f-secure.com/.
