Code Blue strikes

Of course it is something to do with Code Red...

Of course it is something to do with Code Red...

A new internet worm, called Code Blue, is infecting Chinese and Australian servers fast with a payload set to deliver a denial of service attack against targets in China. In what could be a perverse attempt at retribution for Code Red, thought to be the work of Chinese virus writers, the worm infects servers already hit by Code Red and eradicates both the worm and the vulnerability. However, according to security firm Kaspersky Labs it then reproduces itself 100 times - to servers infected and non-infected by Code Red alike - with the ultimate aim of producing a DDoS on the website of Chinese security firm Network Security Focus. The worm exploits a well-known security flaw in Microsoft's IIS web server software for which a patch has been available for a year. According to security testing firm VIGILANTe, the rapidity of the virus's spread in Asia shows how many firms have failed to heed expert advice. A patch for the vulnerability is available here: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/Security/Bulletin/ms00-078.asp