August 16, 2005

New Worms Hit U.S. Media Outlets, Companies

SEATTLE -- Several new computer worms were being blamed for causing computer system outages at some media outlets and companies in the United States on Tuesday.

The worms, including two called "IRCBOT.WORM" and "RBOT.CBQ," exploit a recently discovered flaw in Microsoft Corp.'s Windows 2000 operating system and were causing personal computers at more than 100 U.S. companies to restart repeatedly and potentially exposed them to attackers who could take control of a system.

"This is the most significant threat we've seen in at least 12 months," said Vincent Gullotto, vice president of the anti-virus emergency response team at McAfee Inc.

But Symantec Corp. and McAfee, the top two computer security companies, as well as Microsoft, said that damage to computer systems on Tuesday was limited and was not likely to cause widespread havoc like other malicious software programs such as SQL Slammer and MyDoom.

CNN, breaking into regular programming, reported on air that personal computers at the cable news network were affected by a worm that caused them to restart repeatedly.

The New York Times and ABC News also reported system outages earlier on Tuesday, causing some to suspect that another recent worm called "Zotob" was behind Tuesday's outages.

Gullotto said, however, that the newly discovered worms were different from Zotob, even though they all, including Zotob, appeared to exploit the same vulnerability in the "Plug-and-Play" feature in Windows 2000, which runs on less than half of the world's personal computers.

Microsoft, which warned users last week of three newly found "critical" security flaws in its software, urged users to update the software on their personal computers to prevent them from being infected.

Microsoft said users with properly updated software, anti-virus software and a firewall can avoid being infected by the worm, a malicious software program that replicates itself over a computer network.

The new "IRCBOT.WORM" and "RBOT.CBQ" worms were different in that they could be controlled by IRC servers, or networked computers that manage chat sessions over the Internet, other security experts said.

"We haven't seen any huge uptick or impact today," said a spokeswoman with Microsoft's security unit, "a fairly small number of customers are being impacted."

Symantec said that it has heard from at least 100 organizations that a group of about eight viruses were targeting individual organizations and was not the Internet as a whole.

"This is not across the Internet but inside organizations," said David Cole, a product management director at Symantec.

CNN , a division of Time Warner Inc., said that computer systems at General Electric Co., United Parcel Service Inc. and Caterpillar Inc. were affected by system outages as well.

A GE spokesman said that there appeared to be no problems with GE's internal network, while UPS said that only a small number of its computers were affected by a worm or system outage.

"There is no impact whatsoever on operations, customer-facing computer systems, service or delivery," said UPS spokesman Norman Black.

Caterpillar officials were not immediately available for comment.

ABC is a division of Walt Disney Co.