update Network worms are shutting down computers running Microsoft's Windows 2000 operating system, security experts warned Tuesday.
Computers across the United States are being hit, including those at cable news station CNN, television network ABC and The New York Times. Tokyo-based antivirus company Trend Micro blames the havoc on various worms, including the Zotob worm that hit the Internet over the weekend and new variants of the Rbot worm.
All of the worms exploit a security hole in the plug-and-play feature in the Windows 2000 operating system. Microsoft offered a fix for the bug as part of its monthly patching cycle last week. The software maker deemed the issue "critical," its most serious rating.
"It seems like every couple of minutes a new variant comes in. We cannot pinpoint the infections to one variant," said Joe Hartmann, director of the antivirus research group at Trend Micro. "We are still gathering infection reports. It is coming globally."
Symptoms of infection include the repeated shutdown and rebooting of a computer, Trend Micro said.
Microsoft is investigating the reports of the worm outbreak, the company said in a statement. It lists "Worm_Rbot.CEQ," an Rbot variant, as the possible cause of the trouble.
Inside jobThe multiple worms are hitting individual organizations rather than computer users at large, said Johannes Ullrich, chief research officer at the SANS Institute, an Internet security training and research outfit.
"These worms are not having an impact on the Internet," Ullrich said. "They do have a substantial effect on organizations running Windows 2000 without last week's Microsoft patch installed."
The pain is being felt "on the inside," agreed David Cole, the director of product management at Symantec Security Response. The worms might slither onto the networks of companies with Windows 2000 systems from an infected laptop that has been used outside the corporate firewall, for example, he said.
"It gets inside an organization and then it bounces around and wreaks havoc," Cole said.
The New York Times has been hit by the virus, but the assault has not impacted the delivery of the news, said a spokeswoman for the publication.
"The Web site was not affected and newspaper production will not be affected," the representative said. The internal systems of the paper are "operational," the representative added, but she did not state what degree of impact the worm had had on its internal operations.
Walt Disney's ABC News and Time Warner's CNN confirmed in postings to their Web sites that their computers had been hit.
Which worm done it?
Experts have different opinions on the cause of the latest infections. The SANS Internet Storm Center, which tracks network threats, attributes Tuesday's trouble to Zotob, which keeps mutating and finding new victims. "As seen with prior TCP worms, it is reaching its peak around three days after the outbreak," SANS said on its Web site.
The security issue exploited by the worm also affects the newer Windows XP and Windows Server 2003, but only PCs running Windows 2000 are susceptible to a remote attack, Microsoft has said.
There are desktop and server versions of Windows 2000, which was released in 2000 for business users rather than consumers. More
Play video
Service Pack Manager is extremely effective and efficient patch management deployment tool. It gives me 100% control over the patch deployment process in our environment. It lets me patch when I want and what I want. The tool also seamlessly ties into Microsoft's websites so I can research a patch while I am in the application. We also use SPM to update Internet Explorer, Office and ISA with ease. Overall Service Pack Manager is a very affordable, low learning curve application which I would recommend to anyone
Posted by Marshall Doss on Thursday, August 18 2005 10:03 PM