Virus disrupts Qwest DSL

White House Web origins to ‘Code Red’

BOULDER — A computer virus that targeted the White House Web site also resulted in widespread disruption of service to Qwest DSL customers and hit Northern Colorado businesses.

“This is something that doesn’t just affect Qwest,´ said company spokeswoman Kate Varden. “This is something that is affecting DSL service nationwide — anyone using a Cisco router.”

SPONSORED CONTENT

Water Wars: Thornton’s struggle and triumph in obtaining Pipeline Permits

Lyons Gaddis understands the complexities and challenges of water and real estate law. This case illustrates an important principle of building water projects: “It never gets easier.”

More specifically, the problem affects the series 600 Cisco external routers that Qwest distributed as part of its Digital Subscriber Line packages. Qwest officials said they had no way of knowing how many of their subscribers were affected by the bug, nor would they disclose how many of the saeries 675 or 678 routers they had distributed.

The Northern Colorado Business Report, in its July 13 issue, reported on customer complaints about DSL disruptions. While Qwest said the problem was not widespread, by last week Qwest DSL help lines were reporting “national” disruptions. It wasn’t until July 20 following more inquiries about the help-line messages that Qwest acknowledged the problem as stemming from the “Code Red Worm.”

“We didn’t have any customer complaints until yesterday,” Varden said on July 19.

The Code Red Worm was targeted at the White House site and geared toward a disruption of service on July 26. Worms typically instruct infected sites to send large amounts of data to a specific network system, effectively shutting down access to that system.

The White House apparently changed the Internet Protocol number to its Web site in order to avoid the disruption. The Associated Press reported that 225,000 network systems across the world have been infected by the Code Red Worm.

Boulder County businesses also reported network outages from the Code Red Worm. The worm attacks Microsoft’s Internet Information Server applications on Windows 2000 and Windows NT 4.0 operating systems.

On sites running that software, the worm disfigures Web pages with the message “Hacked by the Chinese” and disrupts service until software patches have been installed, according to Cisco advisories. In Boulder County, some businesses reported outages of network systems, such as e-mail, last week.

Both Cisco and Microsoft issued advisories last week, but Cisco officials said they first issued an advisory in May that included information regarding its routers. Software patches for all Cisco products have been available since May, said Cisco spokesman Dave Berkowitz, in San Jose, Calif.

The worm affected a number of Cisco products employing the IIS software and propagated itself by scanning for further IP addresses with the software. In what Cisco officials called a “side effect,” the worm also disrupted service from any series 600 router it scanned.

Qwest advisory lines now instruct DSL subscribers to unplug their modems and allow several seconds before restoring power. The advisory also gives a Web page that will link subscribers to a software patch for the routers, which will then end the continual disruption reported by many of the company’s DSL subscribers.

“It’s real easy to get it off your system, the whole problem is it continually re-attacks” the routers used on Qwest DSL lines, said company spokeswoman Claire Maledon.

Still, Qwest seemed to have few answers as to why its subscribers weren’t informed about the problem earlier.

“Once the person has the modem, we don’t play Big Brother and monitor what the customers do with these modems,” Maledon said. “In the users’ manuals that people get, we say big and small that software manufacturers will come up with upgrades and packages all the time.”

The Code Red Worm highlights the need to monitor continually for new computer viruses and to update security systems, said Brad Beaber, technical manager at Aardvark IT Solutions in Broomfield.

“The router is always going to be a little bit vulnerable, because it’s the first thing out there” en route to the Internet, he said. “But it points out the need for a good firewall behind the router. That provides protection from it getting any further.”