Attack on White House website has NZ echoes

By PETER GRIFFIN

A fast-spreading computer virus called Code Red, which targeted the White House, has shut down a number of New Zealand companies and slowed internet access.

The "denial of service" attack hit thousands of web servers as the worm exploited a security hole in Microsoft's Internet Information Servers (IIS) software. Millions of users have the software.

At midday yesterday the 250,000 or so web servers thought to be infected by the worm bombarded the White House website with vast amounts of data.

However, website administrators acted quickly by switching the site's IP (internet protocol) address, allowing the site to remain online and unaffected during the attack.

A design flaw in the worm also meant the attack went off half-cocked, with many of the infected computers failing to send the huge amounts of data they were supposed to as part of the onslaught.

But while the Code Red worm failed to deliver a knock-out blow, a number of local companies were counting the cost of not downloading the latest security protection from Microsoft.

One Wellington internet service provider, which did not want to be named, said the worm brought down one of its servers early yesterday and a number of its customers had been similarly affected.

Internet provider Radionet confirmed that customers had been infected but would not say how many.

However, the "big three" internet service providers, Clear, Xtra and ihug, downplayed the effects of the Code Red worm on their networks, reporting no drops in service levels.

Ihug director Tim Wood said only 15 customers using web servers hosted on ihug's network had been infected. The virus was especially interesting, he said, because it did not rely on e-mail.

Microsoft spokesman Richard Burt said the security patch for IIS had been available in New Zealand for a month.

He was unaware of reports that Microsoft's global update website had been defaced as a result of the attack. However, several web surfers trying to access the site yesterday morning sent the Weekend Herald screen shots of a message reading "Hacked by Chinese!" where Microsoft information should have been displayed.

Arjon de Landgraaf of internet security company Co-logic said a worm attack of this magnitude had not been seen before and the trail left by the worm could cost NZ digital subscriber line users dearly because they had to pay for bandwidth usage.

White House website