Nick, It would seem to me that posting on a public list stating that "CodeBlue is vendor snake-oil and/or media hype" is no different from what you're accusing the vendors and media of. You're simply taking the same tact, and shooting for the other end of the spectrum. > > Why have I not seen anything on this list about > the "Code Blue" worm? ... > > Because it is hype and does not exist in the wild, > or if it does, it > is so buggy/flawed that it is effectively non-viable > in "real world" > infestations. Or, could it be that sadmin/IIS served to "inoculate" systems? http://www.f-secure.com/v-descs/codeblue.shtml http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BLUECODE.A > 4. CodeBlue (aka BlueCode) is repeatedly said to be > "potentially > much worse" than CodeRed.C with "the potential to > spread much faster". Said by whom? Do you have links to published articles? It's not entirely clear why you're comparing Code Red to Code Blue. Code Blue doesn't use the same infection vector as Code Red. And I'm not sure how the fact that you haven't seen it qualifies it as non-existant. If Code Blue does exist, it's likely that sadmin/IIS and Code Red have caused IIS admins to update their systems. __________________________________________________ Do You Yahoo!? Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Sep 12 2001 - 11:54:51 PDT