SYDNEY--Code Blue is making itself cosy in Australia, kicking its red emissary out of the loop and doing its own thing in the world of worm propagation.
Code Blue is a more virulent strain of the Code Red virus, protecting itself from other versions of the worm and reinfecting servers previously infected by its Code Red predecessor, according to Glenn Miller, MD of security software specialist Janteknology.
“It’s a lot trickier than reiterations we’ve seen previously. It kicks out Code Red and is doing its own thing,” Miller told ZDNet Australia. “There’s no reason to hit the panic button. None of this is 'skies falling in' stuff…but it’s building.”
Activity levels of malicious incidents are increasing worldwide, with China--Code Blue’s first port of call--seeing up to 300,000 threats today from yesterday’s 270,000, according to Miller.
The incident rate in Australia, which ZDNet reported to be around 32,000 yesterday, has gone up marginally and incidents in the US have broken the million barrier, Miller claims.
Code Blue is much more malicious than its red counterpart. It doesn’t die when a system is shut down, re-activating itself every time an infected computer is booted up. It also downloads extra files from the already infected servers and recreates them in the C-drive of the system it goes on to infect. These files include maliciously modified versions of genuine files found in Windows, Miller said.
Code Blue also goes on to issue a denial-of-service attack against the Web site of Network Security Focus (NSFocus)--a Chinese network security provider.
The fact that it reinfects servers previously blasted by Code Red is also an issue, as there are a lot of servers out there still infected due to organizations’ negligence or apathy, according to Miller.
“Infected servers are going to get a kick in the backside this time,” Miller said. “This is not an arm’s length problem, it’s an in-house problem. These servers are going to start melting down.”