Code Red worm traced to Chinese university

The author of the malicious Code Red worm has been traced to a university in China, according to US officials.

The chief technologist at the US General Accounting Office (GAO) told the bipartisan House committee on government reform last week that he believes the worm to have originated from a university in Guangdong, China. But no details were released to back up the claim, and Keith Rodes, who delivered the speech, insisted that no one country or person was being treated as a prime suspect yet.

The Code Red worm and its predecessor Code Red II take advantage of a vulnerability in Microsoft's Internet Information Server (IIS) Web server software, and propagate across networks without any user intervention. The Code Red II worm is more malicious, as it installs "back doors" on infected Web servers, allowing any remote hacker to execute arbitrary commands and take complete control of a system.

Speculation has previously appeared in the press that the name "Code Red" referred to China, and was fuelled by the "Hacked by the Chinese" message that appeared on some attacked computers. But in fact the name came from the latest flavour of the favourite drink -- Mountain Dew -- of the researchers who discovered the virus, working at Internet security firm eEye Digital.

The US has been investigating the Code Red since the 19 July, when it infected more than 250,000 systems in just nine hours, according to the National Infrastructure Protection Centre (NIPC). An estimated 975,000 servers have been infected in total, according to Computer Economics -- including the White House Web site. The economic costs resulting from the worm are already thought to be over £2.4bn.

See the Viruses and Hacking News Section for the latest headlines.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.