Code Red hits DSL routers, cable-modem networks
The Code Red worm in all its variants continues its destructive spread, not only worming its way into hundreds of thousands of Microsoft Corp. Web servers, but also having a newly noticed impact on a broad range of Cisco Systems Inc. equipment, including DSL (digital subscriber line) routers within the Qwest Communications International Inc. network.
In addition, cable Internet providers, including Time Warner Cable Inc., AT&T Broadband Inc., Cox Communications Inc. and Excite@Home Inc., have experienced network slowdowns as the new, rewritten version of Code Red discovered last weekend continues to spread.
Cox spokeswoman Laura Oberhelman said: "We're monitoring the network for Code Red. Because of the high volume of traffic that the Code Red worm generates, we are having a traffic slowdown, particularly with e-mail."
When Cox technical staff identifies an infected Microsoft Web server on the Cox Internet cable service, the Cox personnel contacts the subscriber in order to temporarily disconnect them from the Cox network and assist the subscriber in eliminating the Code Red worm from the infected machine.
Cox would not say exactly how many of its subscribers were affected in this way, but said it was only a small percentage.
Dubbed Code Red II, the new computer worm, which includes a dangerous backdoor Trojan, has bogged down their networks by infecting Internet-connected machines where the Microsoft Web server is running.
Many enterprises were thrown into disarray this week by Code Red II.
The global news agency Associated Press found its Internet communications curtailed a few days last week as its IT staff "scrubbed clean" the array of Microsoft IIS Web servers used internally and for news distribution, said spokesman Jack Stokes. Code Red II delayed updates on AP's Web site and affected a photo service used by smaller newspapers. Unaffected were AP's satellite communications.
Motorola found Code Red II invading its global corporate intranet, forcing the company to shut it down to disinfect its Microsoft Web servers. Motorola employees switched to fax, phone and pager in place of e-mail.
Ironically, Microsoft's own MSN Hotmail servers were infected by the Code Red II worm because Microsoft had failed to patch its own servers.
Time-Warner's RoadRunner service issued an advisory to its customers this week, acknowledging that customers "may experience slow network response, flashing connectivity lights on the cable modem, and other activity, such as unusual port scan log activity or increased firewall activity." Time-Warner urged its customers to install the software patch Microsoft has made available to prevent Code Red from infecting Microsoft Windows NT or the Microsoft Windows operating system.
Other cable services also had problems.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
