Security Incidents mailing list archives

Re: Any one seen any evidence of "Code Blue?"


From: H C <keydet89 () yahoo com>
Date: Wed, 12 Sep 2001 11:23:55 -0700 (PDT)

Nick,

It would seem to me that posting on a public list
stating that "CodeBlue is vendor snake-oil and/or
media hype" is no different from what you're accusing
the vendors and media of.  You're simply taking the
same tack, and shooting for the other end of the
spectrum.

Why have I not seen anything on this list about
the "Code Blue" worm?  ...

Because it is hype and does not exist in the wild,
or if it does, it is so buggy/flawed that it is
effectively non-viable in "real world" infestations.

Or, could it be that sadmin/IIS served to "inoculate"
systems?

http://www.f-secure.com/v-descs/codeblue.shtml

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BLUECODE.A


4.  CodeBlue (aka BlueCode) is repeatedly said to be
"potentially much worse" than CodeRed.C with "the
potential to spread much faster".

Said by whom?  Do you have links to published
articles? 

It's not entirely clear why you're comparing Code Red
to Code Blue.  Code Blue doesn't use the same
infection vector as Code Red.  And I'm not sure how
the fact that you haven't seen it qualifies it as
non-existent.

If Code Blue does exist, it's likely that sadmin/IIS
and Code Red have caused IIS admins to update their
systems.  

