NZ DSL users not hurt by new worm

New Zealand DSL users seem unaffected by the latest viral attack - the Code Red worm - which has caused problems for DSL users in the US.

New Zealand DSL users seem unaffected by the latest viral attack - the Code Red worm - which has caused problems for DSL users in the US.

The worm exploits a security hole in Microsoft's Internet Information Servers (IIS) and is causing internet traffic problems around the world. The virus checks through any infected system hunting for IP addresses of servers also running IIS and attacks them. Rumours that Microsoft's own Windows Update server had been affected are as yet unconfirmed.

Microsoft has previously released a patch for the security flaw.

One of the side effects of the worm is that it shuts down some Cisco DSL routers running firmware version 2.4.1 or earlier. This has caused chaos in the US where the routers are popular with DSL provider Qwest customers. Here in New Zealand Cisco were did not immediately return IDGNet's calls. However, Xtra spokesperson Matt Bostwick reports very little fluctuation in the traffic across Telecom's JetStream network.

"Apart from a slight increase in traffic there's nothing significantly different happening at the moment," he says.

Tim Wood, director of Ihug, says the problems are only just beginning with this kind of worm.

"This one hibernates for a while then starts up again so it will be interesting to see what happens next."

He says this is a new type of virus in that it attacks web servers rather than end users. The Ihug message of the day contains a warning for all users, regardless of whether they are infected or not.

"[The virus] will cause many international and possible national sites to become unreachable or sluggish."

Both Ihug and Telecom warn that they themselves don't run IIS but it could cause problems for customers who are running IIS.

"Fortunately as I understand it's easy enough to get rid of," says Wood. He says Ihug has applied security patches where need be and he's only seen about 15 infected users at Ihug so far.

Meanwhile the intended target of the worm's payload, the White House website, has switched to an alternative IP address to try to avoid the intended distributed denial of service attack. Latest estimates have over 100,000 servers infected all poised to fire a data payload at www.whitehouse.gov at 8pm New Zealand time.

A Microsoft New Zealand spokesman says the patch has been available for a month and he recommends users can sign up for a security update email which automatically informs end users of security updates.

"Administrators need to keep their sites up to date with patches and security warnings."

Join the newsletter!

Error: Please check your email address.

More about CiscoMicrosoftQwestXtra

Show Comments
[]