Red Code Virus hits Some Cisco Modems, too
Message
From
02/08/2001 20:05:05
 
 
To
02/08/2001 18:34:54
General information
Forum: Visual FoxPro
Category: Other
Miscellaneous
Thread ID: 00539135
Message ID: 00539162
Views: 11
>My Cisco 678 DSL modem is toast today after getting hit by the worm. That was unexpected. Might have thought QWest would have emailed security bulletins to their subscribers. Anyway...
>
>From http://www.cert.org/advisories/CA-2001-23.html:
>
>CERT® Advisory CA-2001-23 Continued Threat of the "Code Red" Worm
>Original release date: July 26, 2001
>Last revised: July 30, 2001
>Source: CERT/CC
>
>A complete revision history can be found at the end of this file.
>
>Systems Affected
>Microsoft Windows NT 4.0 with IIS 4.0 or IIS 5.0 enabled and Index Server 2.0 installed
>Windows 2000 with IIS 4.0 or IIS 5.0 enabled and Indexing services installed
>Cisco CallManager, Unity Server, uOne, ICS7750, Building Broadband Service Manager (these systems run IIS)
>Unpatched Cisco 600 series DSL routers
>
>Overview
>
>Since around July 13, 2001, at least two variants of the self-propagating malicious code "Code Red" have been attacking hosts on the Internet (see CA-2001-19 "Code Red" Worm Exploiting Buffer Overflow In IIS Indexing Service DLL). Different organizations who have analyzed "Code Red" have reached different conclusions about the behavior of infected machines when their system clocks roll over to the next month. Reports indicate that there are a number of systems with their clocks incorrectly set, so we believe the worm will begin propagating again on August 1, 2001 0:00 GMT. There is evidence that tens of thousands of systems are already infected or vulnerable to re-infection at that time. Because the worm propagates very quickly, it is likely that nearly all vulnerable systems will be compromised by August 2, 2001.

Your router doesn't run IIS/Indexing Service, does it? How could it be affected?

...unless one of your computers behind your router got infected and CodeRed has a payload that can reconfigure your router from the LAN side...

...probably a good reason to change the admin password on your router (assuming it has one)
Regards. Al

"Violence is the last refuge of the incompetent." -- Isaac Asimov
"Never let your sense of morals prevent you from doing what is right." -- Isaac Asimov

Neither a despot, nor a doormat, be

Every app wants to be a database app when it grows up