[Gllug] Code Blue - is it true?

Ian Northeast ian at house-from-hell.demon.co.uk
Fri Sep 7 19:37:55 UTC 2001


jim wrote:
> 
> On Fri, 7 Sep 2001, Rev Simon Rumble wrote:
> > Could well be true.  My log files sure do have a bunch of these from
> > the last 24 hours:
> > 203.249.133.72 - - [07/Sep/2001:18:39:37 +1000] "GET
> > /default.ida?XXXXXX ...
> 
> Nah, that's Code Red II.
> 
> Great Yahoo! article, isn't it? "But the Code Red II worm faded away as
> people downloaded free patches from the Microsoft Web site which plugged
> the hole the worm used to enter computers." Yup, Microsoft save the day
> again.  Hurrah for Bill! Quite apart from the spin it's JPNT ... code red
> II has certainly not faded away yet.

It was falling off last time I looked. I was getting 60/day at one
point, and it went down to 30/day. It's a few days since I checked, it's
getting boring:)

> "the Code Red worm and successors known as Code Red II and SirCam were
> still under investigation." SirCam's an Outlook virus, shorely, and is
> completely different.

It is indeed. I was treated to my first taste of SirCam the other day
BTW. Someone I have never heard of sent me it, so I replied suggesting
he get a virus checker[1], and 6 hours later he sent me another copy:)

> Anyway, it's the first I've heard about any Code Blue. I keep half an eye
> on Bugtraq but I haven't noticed anything there about it. Smells a little
> fishy to me ...

There's an entry on SecurityFocus but it's just a link to the Yahoo
article. Nothing I can see about what the worm looks like or any real
detail at all. The statement about SirCam does not lend credibility to
the article, does it?

Regards, Ian

[1] yes, I did remove the virus from my reply

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug



