SAN FRANCISCO — Several new variants of a computer worm emerged today to attack corporate networks running the Windows 2000 operating system, just a week after Microsoft Corp. warned of the security flaw.
As experts predicted, the Windows hole proved a tempting target for rogue programmers, who quickly developed more effective variants on a worm that surfaced over the weekend and by Tuesday had snarled computers at several large companies.
Among companies affected by the worm and its variations were ABC, CNN, The Associated Press, The New York Times and Caterpillar Inc. In California, San Diego County said it needed to cleanse 12,000 computers of the bug. ABC News producers had to use electric typewriters Tuesday to prepare copy for their “World News Tonight” broadcast, according to spokesman Jeffrey Schneider.
Today, four new variants of the worm had been detected by F-Secure Corp. in Finland, bringing the total to 11, said Mikko Hypponen, the company’s manager of anti-virus research. He said the variations apparently had been programmed to compete with each other — one worm will remove another from an infected computer.
Estimates of how many computers are affected are difficult to come by because the worm travels directly over Internet connections rather than through e-mail. But Hypponen said reports of problems were isolated in Europe and Asia, and it appeared the worst damage was happening on U.S. computers.
That means this worm will likely create far less havoc than other notable exploits in recent years, such as Sasser or Blaster, he added.
Most anti-virus companies rated the threat as low to moderate this morning. McAfee Inc. considered one variant of the worm a high risk, but it categorized other versions as low risk.
Dave Cole, director of security response for Symantec Corp., said the threat appeared to have stabilized despite the appearance of new variants. He said most companies, by now, have applied the necessary software fixes to address the underlying vulnerability.
“The vast majority of the big infections have taken place,” he said.
The worms caused the most problems at companies with large, networked computer systems, rather than among individual computer users, David Perry, a security analyst at Trend Micro Inc., a computer security company, said Tuesday. The worms can attack a system without needing to open any software, so some users would be infected without knowing it.
Microsoft Corp. released a “critical” patch Aug. 9 for the vulnerability, which is most severe on Windows 2000 systems. Those computers can be accessed remotely through the operating system’s “Plug and Play” hardware detection feature. Protective patches, plus instructions for fixing infected systems, are posted on Microsoft’s Web site.
Companies that were slow to bolster their systems when Microsoft issued its security alert about the flaw may have left themselves vulnerable to the worm, said David Maynor, a security researcher with Atlanta-based Internet Security Systems Inc.
He said some IT professionals who considered their networks safe because they run Windows XP or 2003 were mistaken. The worms are automated Internet “bots” that need find only one unprotected computer running Windows 2000 within a network to propagate in the system.
Perry said the worm copies itself and then searches networks for other unprotected machines, causing no damage to data but clogging networks and rebooting its host computer.
“We did not see a widespread or fast spread of this in the first 24 hours,” said Debby Fry Wilson, director of Microsoft’s Security Response Center. “Over the last 24 hours, we’ve seen variance, where other hackers will take the work and try to unleash a variant of the worm. So the worm continues to take on different forms.”
Caterpillar worked Tuesday to clean up effects from the worm, which disrupted computer operations at several plants and offices over the weekend, the Peoria, Ill.-based heavy equipment maker said. The problem was controlled by Monday afternoon, company spokesman Rusty Dunn said.
San Diego County officials assembled a 200-person team to mend the computers and said it could fix about 3,000 a day.
A patch for the security hole is available at www.microsoft.com/technet/security/Bulletin/MS05-039.mspx