Code Red II replicates three times as fast as the original worm, and when it goes into scanning mode (after it has infected a server and is on the lookout for the next) it now looks for local servers - those within a network or sub-network, explained security distributor Janteknology's Glenn Miller.
"We're seeing a collaborative damage situation that will cause subnet degradation, manifesting itself in slow network connections," Miller said, adding that Janteknology has been able to "identify that a number of attacking IPs here in Australia belong to an ISP," the name of which "would roll off the tongue".
Code Red II is causing more problems with cable modems and ADSL links, according to Miller, which was backed up by a ZDNet reader who was sent the following email purportedly from the Telstra BigPond broadband cable helpdesk:
"The recent network activity is due to the Code Red worm virus propagating on the Broadband network. There are users who are unaware that their machines are infected with the virus in fact searching for vulnerable computers on the network to infect. Your line of defence is the use of an up to date virus scanner with updated virus definitions and a reputable firewall software."
Optus@Home shut down external access when it realised some of its customers had been affected by Code Red, a company representative told ZDNet.
"It looks like everything is pretty much under control on our service in relation to Code Red," she said. "Only a handful of our customers were affected - these were customers who had 'open and un-patched' Microsoft Internet Information Servers (IIS) Web Servers running." Optus said users running Web Servers are in breach of the company's Acceptable User Policy.
According to Janteknology's Miller there have been reports in the US of ISPs whose services have "gone down for a while" as a result of Code Red. "If it can happen there it can happen here," he said.
Security monitoring company securityfocus.com has increased the threat level of Code Red II to an orange alert -- its second highest. The only higher threat status is Code Red, which points to an Internet meltdown.

CodeRedII is attacking my firewall at the rate of 10-30 hits/hour. As a Telstra ADSL user I have to say, it just gets worse & worse. I ran a comparison on a friend's ISDN link, which I am informed by Tech Support has a direct connection to the Telstra backbone network. It is lightning fast!
ADSL runs like molasses on a cold day.
Compare: ISDN runs at 64Kbps (that's kilobits/sec) while my ADSL link runs at 512KBps (or 512KBx8=4,086Kbps). That's almost 5 megabits/sec.
The difference is a joke, when the response on an overseas server is compared. ISDN provides almost instant screen refresh. ADSL is woeful by comparison. I have to conclude that Telstra has insufficient overseas bandwidth supporting its ADSL network users.
My guess also is that ADSL is slowly but surely being overloaded by CodeRed. This shouldn't happen, because ADSL home users are not allowed to use servers on the network.
If business users can't protect their Windows IIS servers, they should be DISCONNECTED, without further warning.
They have had more than enough time to fix their servers. These attacks only come from business users or ISPs who have not patched their Windows IIS servers.
Come on Telstra, wake up!! Put more backbone into the ADSL network, and get your ABUSE section to do its job. They could have prevented this disaster. Instead they pass the buck to users.