No subject
Tue Nov 29 10:43:08 WST 2011
a machine, one of the first things it does is try to figure out if the
machine's default language is Chinese. If it is, it will spawn twice as
many copies of itself trying to spread the worm. So statistically you'd
expect an increase in the number of attacks from Chinese-speaking nations
(which many people have noted). And on the 20th of each month it
supposedly launches an effective DoS on the White House's website.

Meanwhile, it goes about disabling Windoze File Protection which, oddly
enough, requires a Reeeboot(tm). Thus, the machines reboot after a day
from infection, two days if it's a Chinese machine. From which time the
machine is then clean (the worm is only memory resident) and ready to be
infected again, and from records so far, it wouldn't take long. One funny
story on /. - a guy reinstalled his W2K machine and before he could apply
the patches he was infected again!

This all happens until the date reaches past October 2001, at which time
if an infection attempt occurs, the worm will simply reboot the computer.
This starts 1st October 2001... oddly enough, it struck me last night that
this is China National Day. Fireworks time around the world... Hundreds
of thousands of machines rebooting uncontrollably most of the day. I think
they were trying to take the piss too *grin*

I think there's political intent behind this worm, whoever wrote it is
trying to blame the Chinese for all the mess it's created and disturb
US-China relations further, but that's just my long-winded theory. The
worm itself really is quite a work of art I must say!

My count is 23 CR2 in the last hour, 283 all up, and 143 of CR1 all up.
I'd say it's alive as a living parasitic organism rampantly out of
control, 'cause it sounds cool. :)

Enough rambling from me,
Bernard.

PS if I got any of the details wrong then my apologies. For the real
technical details visit websites mentioned previously... (my disclaimer :)
--
Bernard Blackham
bernard at blackham.com.au