Code Blue deemed bigger threat than Code Red

Chinese antivirus researchers have uncovered a modified variant of the Code Red worm, dubbed Code Blue, that has the potential to cause more damage to users of Microsoft Windows NT and Windows 2000 than earlier Code Red variants, according to a statement released Friday by Beijing-based software vendor Kingsoft Corp.

The company did not give an indication of just how many users have so far been affected by the worm. But like earlier variants of Code Red, Code Blue launches a denial of service attack. However, unlike other variants which launched a denial of service attack against the White House Web site, the Code Blue worm instead attacks an IP address (211.99.196.135) associated with the Web site of a Chinese network security provider, NSFocus Information Technology Co. Ltd.

At 12 p.m. ET, the NSFocus Web site and the targeted IP address were observed to be functioning normally.

Code Red was first discovered in mid-July, but made its biggest splash after infecting hundreds of thousands of computers worldwide in August.

Code Blue is deemed to be more threatening to users than earlier Code Red variants because, unlike Code Red, Code Blue gradually increases its usage of system resources and, if not stopped, can bring computers running Windows NT or Windows 2000 to a halt, the Kingsoft statement said. By comparison, computers affected by Code Red were largely able to continue functioning normally with no obvious degradation in system performance.

Earlier variants of the Code Red worm exploited a single buffer overflow vulnerability in versions of Windows NT and Windows 2000 running Internet Information Server (IIS). A buffer overflow vulnerability opens when space in a program's code that is reserved for transaction protocols is violated by a malicious program.

By comparison, Code Blue exploits multiple system vulnerabilities, including a Web server folder traversal vulnerability first announced by Microsoft late last year, the statement said. The Web server folder vulnerability in IIS is exploited by using a malformed URL address to access files and folders on a specific drive. This gives a malicious user control of a machine, including the ability to change or delete data and upload and run code on the server.

Information on the Web server folder traversal vulnerability and a patch can be found on Microsoft's Web site at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/Security/Bulletin/ms00-078.asp. In addition, Kingsoft has developed a software tool that can detect and remove the Code Blue worm. It can be downloaded for free at http://www.iduba.net/download/other/tool_010907_CodeBlue.htm.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Sumner Lemon

Computerworld
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?