Security Incidents mailing list archives
Re: Any one seen any evidence of "Code Blue?"
From: H C <keydet89 () yahoo com>
Date: Wed, 12 Sep 2001 11:23:55 -0700 (PDT)
Nick, It would seem to me that posting on a public list stating that "CodeBlue is vendor snake-oil and/or media hype" is no different from what you're accusing the vendors and media of. You're simply taking the same tact, and shooting for the other end of the spectrum.
Why have I not seen anything on this list aboutthe "Code Blue" worm? ... Because it is hype and does not exist in the wild, or if it does, it is so buggy/flawed that it is effectively non-viable in "real world" infestations.
Or, could it be that sadmin/IIS served to "inoculate" systems? http://www.f-secure.com/v-descs/codeblue.shtml http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BLUECODE.A
4. CodeBlue (aka BlueCode) is repeatedly said to be "potentially much worse" than CodeRed.C with "the potential to spread much faster".
Said by whom? Do you have links to published articles? It's not entirely clear why you're comparing Code Red to Code Blue. Code Blue doesn't use the same infection vector as Code Red. And I'm not sure how the fact that you haven't seen it qualifies it as non-existant. If Code Blue does exist, it's likely that sadmin/IIS and Code Red have caused IIS admins to update their systems. __________________________________________________ Do You Yahoo!? Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Any one seen any evidence of "Code Blue?" Michael Katz (Sep 11)
- Re: Any one seen any evidence of "Code Blue?" Yaakov Yehudi (Sep 12)
- Re: Any one seen any evidence of "Code Blue?" Nick FitzGerald (Sep 12)
- Re: Any one seen any evidence of "Code Blue?" H C (Sep 12)
- Concept Virus / Nimda Gary Warner (Sep 18)
- Re: Any one seen any evidence of "Code Blue?" H C (Sep 12)
- <Possible follow-ups>
- Re: Any one seen any evidence of "Code Blue?" Pedro Miller Rabinovitch (Sep 12)
- RE: Any one seen any evidence of "Code Blue?" Patrick Belcher, Monitored Security (Sep 12)