The Code Red II virus is spreading three times as fast as the original version, and the majority of attacking IPs here in Australia belong to Internet Service Providers, ZDNet has learned.

Code Red II replicates three times as fast as the original worm and when it goes into scanning mode (after it has infected a server and is on the lookout for the next) it now looks for local servers - those within a network or sub-network, explained security distributor Janteknology's Glenn Miller.

-We're seeing a collaborative damage situation that will cause subnet degradation, manifesting itself in slow network connections," Miller said, adding that Janteknology has been able to -identify that a number of attacking IPs here in Australia belong to an ISP," the name of which -would -roll off the tongue".

Code Red II is causing more problems with cable modems and ADSL links, according to Miller, which was backed up by a ZDNet reader who was sent the following email purportedly from the Telstra BigPond broadband cable helpdesk:

-The recent network activity is due to the Code Red worm virus propagating on the Broadband network. There are users who are unaware that their machines are infected with the virus in fact searching for vulnerable computers on the network to infect. Your line of defence is the use of an up to date virus scanner with updated virus definitions and a reputable firewall software."

Optus@Home shut down external access when it realised some of its customers had been affected by Code Red, a company representative told ZDNet.

-It looks like everything is pretty much under control on our service in relation to Code Red," she said. -Only a handful of our customers were affected - these were customers who had 'open and un-patched' Microsoft Internet Information Servers (IIS) Web Servers running." Optus said users running Web Servers are in breach of the company's Acceptable User Policy.

According to Janteknology's Miller there have been reports in the US of ISPs whose services have -gone down for a while" as a result of Code Red. -If it can happen there it can happen here," he said.

Security monitoring company securityfocus.com has increased the threat level of Code Red II an orange alert -- its second highest. The only higher threat status is Code Red, which points to an Internet meltdown.

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.