Thursday August 30 6:29 PM ET

Report: Code Red Computer Worm Born in China

WASHINGTON (Reuters) - The ``Code Red'' computer worm, which caused $2.4 billion in estimated cleanup costs on Internet-linked computers last month, seems to have been born at a university in China's southern Guangdong province, according to the nonpartisan investigative arm of the U.S. Congress.

``The worm is believed to have started at a university in Guangdong, China,'' Keith Rhodes, chief technologist at the General Accounting Office, said in written testimony on Wednesday before a House Government Reform subcommittee.

The testimony, delivered at a field hearing in Monterey, California, did not elaborate on the virus' alleged Chinese origin. Rhodes and his associates did not return calls seeking details.

Code Red infected more than 250,000 systems in just nine hours on July 19, shortly after it was first reported, according to the National Infrastructure Protection Center at FBI headquarters.

Reports in the Indian press earlier this month said the Code Red virus had been traced to the University of Foshon in Guangdong province.

Following the reports, Reuters contacted a laboratory technician at the University of Foshon's computer department who said he was surprised to learn of reports fingering the school because classes had been out since July 6 and the premises were being refurbished.

``All the students are on vacation and we're under construction. Even the electricity is down,'' the technician, who gave his last name as Hu, said in the Aug. 7 telephone interview.

Asked about the congressional report, Navy Capt. Robert West of the Joint Task Force for Network Operations, responsible for defending the U.S. military's information infrastructure, said the Defense Department was ``not ready to attribute the Code Red worm to any specific actor at this point'' while efforts to pinpoint the origin continued.

A spokeswoman for the FBI-led infrastructure protection center, Debbie Weireman, said the Code Red worm and successors known as Code Red II and SirCam were still under investigation.

Zhang Yuanyuan, a Chinese Embassy spokesman, said he had no information about the origin of the malicious computer code.

-- Anonymous, August 31, 2001