My Cisco 678 DSL modem is toast today after getting hit by the worm. That was unexpected. Might have thought QWest would have emailed security bulletins to their subscribers. Anyway...
From
http://www.cert.org/advisories/CA-2001-23.html:CERT® Advisory CA-2001-23 Continued Threat of the "Code Red" Worm
Original release date: July 26, 2001
Last revised: July 30, 2001
Source: CERT/CC
A complete revision history can be found at the end of this file.
Systems Affected
Microsoft Windows NT 4.0 with IIS 4.0 or IIS 5.0 enabled and Index Server 2.0 installed
Windows 2000 with IIS 4.0 or IIS 5.0 enabled and Indexing services installed
Cisco CallManager, Unity Server, uOne, ICS7750, Building Broadband Service Manager (these systems run IIS)
Unpatched Cisco 600 series DSL routers
Overview
Since around July 13, 2001, at least two variants of the self-propagating malicious code "Code Red" have been attacking hosts on the Internet (see CA-2001-19 "Code Red" Worm Exploiting Buffer Overflow In IIS Indexing Service DLL). Different organizations who have analyzed "Code Red" have reached different conclusions about the behavior of infected machines when their system clocks roll over to the next month. Reports indicate that there are a number of systems with their clocks incorrectly set, so we believe the worm will begin propagating again on August 1, 2001 0:00 GMT. There is evidence that tens of thousands of systems are already infected or vulnerable to re-infection at that time. Because the worm propagates very quickly, it is likely that nearly all vulnerable systems will be compromised by August 2, 2001.