Re: RE: Code Blue

From: netease (mintik@netease.com)
Date: 09/11/01 

Date: Tue, 11 Sep 2001 13:5:45 +0800
From: netease <mintik@netease.com>
To: "Kinsey, Robert" <Robert.Kinsey@Veridian.com>, 'FOCUS-MS@securityfocus.com ' <FOCUS-MS@securityfocus.com>
Subject: Re: RE: Code Blue
Message-Id: <20010911051226.7B21A1C522F08@smtp1.netease.com>

Kinsey, Robert,您好!

 The message is :

Nowaday Kingshan company found some worm virus named BlueCode. After the analysis work we build the tools which can kill this worm.This virus use the vulnerability of IIS, and just like the redcode. because it have the code"Blue Code" in its body, we named it 蓝色代码 virus. here is the URL of the tools can kill BlueCode.
http://gz.iduba.net/download/othertools/DuBa_CodeBlue.exe




Yours Sincerely  
Zhang Fan (Shanghai)

======= 2001-09-10 您在来信中写道:=======

>Rene and all,
>
>I found a link on www.iduba.net/resources (I lost the rest of the URL) that
>discusses the "Code Blue" worm. The page is in Chinese so have babelfish at
>the ready. The site includes a link to a tool to kill the worm (I think -
>Babel it best does perfect not is it) but the site specifically mentions MS
>00-057!!!.
>
>The write-up also specifically mentions a Unicode traversal in IIS (not the
>index service).
>
>If someone can either translate the native language page or make good sense
>out of the translated page please do. In the best case sysadms should have
>this old patch put on (in most cases) by now.
>
>Good luck.
>
>Rob

= = = = = = = = = = = = = = = = = = = =
                        

                    致
礼!
                                 
               netease
               mintik@netease.com
                                        2001-09-11

Relevant Pages

  • RE: Code Blue
    ... Subject: Code Blue ... I found a link on www.iduba.net/resources (I lost the rest of the URL) that ... The site includes a link to a tool to kill the worm (I think - ... If someone can either translate the native language page or make good sense ...
    (Focus-Microsoft)
  • RE: Code Blue
    ... Subject: Code Blue ... The Patch for "Web Server Folder Traversal" Vulnerability that ... Chinese officials are reporting a new worm similar to Code Red that slows ...
    (Focus-Microsoft)
  • Any one seen any evidence of "Code Blue?"
    ... Why have I not seen anything on this list about the "Code Blue" worm? ... I submit the following web server access log as a possible candidate based ... it matches with the reported infection method: ...
    (Incidents)
  • Re: Code Blue
    ... Subject: Code Blue ... Code Blue Worm ... Kaspersky Labs has released an advisory concerning a ... The Kapersky Labs Code Blue Advisory: ...
    (Focus-Microsoft)
  • Re: Any Practical Joker or Benign Viruses Out There?
    ... David H. Lipman wrote: ... > And when did the author tell you how the worm was designed to be ... I do recall similar problems with "Code Blue" a little while ago ...
    (microsoft.public.security.virus)