Ops Fight to Turn Code Red's Worm

Despite the appearance of a more dangerous mutation of the Code Red worm, cable operators and high-speed service providers said last week that the infestation's impact was relatively small.

Some high-speed users who contracted the virus complained of sluggishness in connections and applications. A smaller number within that group reported extreme cases that resulted in denial of service.

Cablevision Systems Corp., which offers cable-modem service under the Optimum Online brand, said the worm infected a "low percentage" of its customers.

Though no particular cable modem make or model was most at risk, a number of subscribers saw their alert light flash and were knocked out of service. To remedy the problem, those customers were told to disconnect and hard-boot the modem before retrieving a patch from Microsoft Corp.'s Web site that removes the files installed by Code Red, then restarts the computer sans infection.

Cablevision would not say how many of its cable-modem customers contacted the MSO because they contracted Code Red, in part because many knew how to fix the problem themselves.

"Cablevision will continue to communicate and work with our customers to ensure minimal impact from [Code Red]," senior vice president of media and community relations Charles Schueler said in a prepared statement.

Meanwhile, a number of Excite@Home Corp. customers complained about lagging connections and slow downloads of Web pages and electronic mail, said company spokeswoman Estella Mendoza.

"The good news was that it wasn't widespread and that our network was never down," she said.

Mendoza said the first version of the worm had a minimal impact, but the second variant was a tougher customer. It affected about 900 of the 3.6 million residential subscribers on @Home's network.

According to the System Administration, Network and Security (SANS) Institute, a research and education organization based in Maryland, cable and DSL subscribers are especially at risk from the Code Red worm — including those who may have been infected but don't realize that they have Microsoft Corp.'s IIS (Internet Information Server) software installed.

That's problematic because Code Red II does more than just cause Web-server troubles. It also opens a "back door" to infected PCs, giving hackers an opportunity to filch private data.

AT&T Broadband spokeswoman Sarah Eder said the impact on the MSO's cable-modem customers was "minimal," but wouldn't be more specific.

Mendoza said some companies were vulnerable to Code Red because it worms through the IIS 4.0 software that runs on widely deployed Windows 2000 and Windows NT operating systems.

Still, "these worms are not a cable-modem or DSL problem alone," Mendoza added. "It's a problem that's impacting the Internet."

Like Cablevision, AT&T Broadband also directed customers infected with Code Red to deactivate and recycle their cable modems and to download the patch.

Customers who rebooted their modems to change their IP address — but didn't download the patch — are still vulnerable to future attacks, Eder said.

A third, even more dangerous version of Code Red reportedly surfaced in South Korea on August 10, but U.S. network security experts told Reuters they didn't believe it was a new strain of the worm.

Mendoza confirmed last week that the company has yet to encounter a third version of Code Red.

Code Red isn't the only electronic nasty to cause problems for cable operators this year. In February, a virus named after tennis star Anna Kournikova infiltrated e-mail inboxes, but cable operators and high-speed providers swatted it away rather easily. Before that, the "Love Bug" virus brought e-mail traffic to a virtual standstill on some networks.