With the Code Red II worm still making its presence felt in cities across China, the country's Ministry of Public Security (MPS) Saturday opened a special telephone hotline for Chinese users affected by the worm. MPS also reiterated an earlier warning that users should apply a patch to prevent servers from being affected by Code Red II.
The MPS hotline will provide advice and information to Chinese users affected by the Code Red II worm, according to a statement.
Since the end of July, the Code Red II worm has hit servers in more than 10 Chinese cities, the statement said. Networks and servers affected by Code Red II include servers at Chinese government organs, schools, research institutes, large companies and financial institutions, it said. While MPS did not give a specific figure for the number of servers that have so far been hit by Code Red II, the official People's Daily newspaper Saturday reported that more than 600 servers in China had been attacked by the worm.
Most Chinese users running Microsoft's Windows 2000 and Windows NT operating system have applied a patch that fixes the buffer overflow vulnerability exploited by Code Red II, the MPS statement said. This has kept the spread of Code Red II in China under control, it said. Chinese government officials have also been in contact with Microsoft (China) Co. Ltd. to request that the company make the patch and information on system recovery easily accessible to Chinese users, it said.
"We have translated the patch into Chinese," said Microsoft China spokeswoman Sharon Zhang. In addition, Microsoft has been in direct contact with its largest customers regarding Code Red and has made information available to users through its own customer service hotline, she said.
An upgraded version of the original Code Red worm, Code Red II targets servers running Internet Windows NT and Windows 2000. It creates a "backdoor" to Web servers that lets hackers easily get in and steal or change information and passwords. Code Red II has also been modified to target servers running Chinese as the default language. The original version of Code Red was designed to most strongly affect servers running English as the default language and did not place a backdoor in affected servers.
Despite speculation that the Code Red worm may have originated in China, there is still no evidence to support that conclusion, MPS said.
Chinese users affected by Code Red II can reach the MPS hotline at +86-22-2731-6567 or +86-22-8730-7180. In addition, Chinese-language information regarding the patch may be found on Microsoft's Web site at http://www.microsoft.com/china/security/codealrt.asp.