Copy courtesy http://www.datarescue.com/fprot/virinfo/hackedbychinese.gif<br>

Prime site:<br>
<img src="http://www.datarescue.com/fprot/virinfo/hackedbychinese.gif" 
	alt="Copy of MS site hacked by the Chinese origin Code.Red work
	010720">
<br><hr>
Local Copy:<br>
<img src="hackedbychinese.gif">

<br>
<hr>

The above image was snapshotted July 19, 2001.  'Where do you want you go
today?'<br>
<hr>
"All your base are belong to us."
<hr>
The worm is estimated to have taken over in excess of 100K Windows NT and
2000 IIS servers.  It is malicious, being scheduled to launch a co-ordinated
denial of service atack against the IP's serving www.whitehouse.gov on
Friday, July 20, 2001.<br>
<br>

Note that this is <i>not</i> just a random server -- it is part of 
the cluster which constitutes the authoritative 
MicroSoft Windows Updates distribution serverfarm.<br>
<br>

So, more troubling than the defacement, 
is the fact that 'trojaned' updates, or more simply, links
to sites containing bogus content, might have been
substituted.  Given the tendency and conditioning of more graphical 
operating system System Administrators to simply 'keep clicking' through 
warnings that checksums of authentication 'signing' 
codes might not correctly
validate, it is well possible that secondary infectious material has been 
inserted into the MicroSoft update stream.<br>
<br>

<a href="http://www.colug.net/>Return to COLUG site</a><br>
<br>