Code Red: Is it political?

NEWS The Code Red worm could be the latest in a series of politically motivated attacks from virus writers in China. Eric Chien, chief researcher at security vendor Symantec, told silicon.com it was "most likely" Code Red originated in China. Although official reports claim it's improbable the worm came from within the People's Republic, Chien said: "There is no ground zero infection for this, so it is impossible to be 100 per cent on where it came from, but all the signs point to this originating from China." Code Red, which is due to restart attacking servers from 20:00(ET) - 01:00(BST) on Wednesday morning - leaves the message "Hacked by Chinese!" on infected sites. However, a report on Reuters today said the worm could not have originated in China. A Chinese security expert claimed: "One thing I can be sure of is that it was not created by a Chinese person. Its appearance and its spreading did not start in China." He cited the fact that no reports of the worm have emerged in the People's Republic to support his case. However, Chien dismissed the report and said the fact there were no reports of the virus in China was no indication that it didn't originate there. He added: "Firstly, the writer could have directed the worm against a US server. Secondly the worm only infects American-language versions of Microsoft's software, so it specifically targets US sites." US websites have been beset by politically-motivated hacking attempts from China since the diplomatic fracas between the two countries following the US spy plane incident in April. Most of these hacks have attacked US government websites. The Code Red worm exploits a vulnerability in servers running Microsoft's IIS web-server software, for which a patch is available. The worm works by inundating vulnerable web servers with the malicious program, causing a massive increase in web traffic and forcing sites to go down under the weight of information. Last week Code Red forced several US government websites to close. Although the worm is currently dormant, it is programmed to start re-infecting servers later today. The US government, FBI and Microsoft yesterday warned the worm could bring the internet to a grinding halt when it reactivates itself early Wednesday morning.