Is it a DDoS when a worm causes administrative DoS? (firewalling, enforcing a previously non-enforced contract..) If so, Code Red & Microsoft win again. Really too bad; a lot of the residential customers would not be running IIS but something else on other-than-NT systems. http://dailynews.yahoo.com/h/nm/20010808/wr/tech_codered_att_dc_1.html Worms Prompt AT&T to Unplug Customer Web Sites SAN FRANCISCO (Reuters) - To keep the spread of the Code Red worms from slowing down its cable Internet network, AT&T Corp. (NYSE:T - news) is blocking access to Web servers that residential customers are running, a spokeswoman said on Wednesday. ``We are trying to protect our greater user population as a whole,'' said AT&T spokeswoman Sarah Eder. The company provides cable Internet access to 1.35 million residential customers, she said. By blocking incoming traffic to Web servers, AT&T is effectively shutting down the Web sites, which residential customers are not supposed to be operating anyway, Eder said. ``According to our official use policy, customers are not permitted to operate Web servers behind cable modems,'' she said. Commercial customers of AT&T's cable Internet service are not affected, she added. The Code Red worms spread through a hole in Microsoft Corp.'s Internet Information Server Web software running on Windows NT and 2000 computers and then scan the Internet looking for new computers to infect. Code Red II, which surfaced on Saturday, leaves a ``back door'' on infected computers, making them vulnerable to future hacking. Code Red II also spreads more quickly, looking for computers in close proximity or the same network to infect rather than random computers on the Internet, like Code Red I does. This scanning of the local neighborhoods is slowing down cable modem networks, where subscribers share bandwidth.