August 17, 2005

Computer Virus Writers Moving Faster with Attacks

SAN FRANCISCO -- U.S. media companies and other corporations hit by a wave of computer viruses this week said business was back to normal on Wednesday, but analysts warned the attacks showed hackers have gained a dangerous advantage in speed in the battle over network security.

ABC news writers resorted to typewriters to prepare copy for the "World News Tonight" broadcast on Tuesday, as the network and other media companies, including The New York Times, reported disruptions. CNN broke into programing with descriptions of its problems.

"Our systems are now working and our Web site is updated," said Jeffrey Schneider, a spokesman at ABC.

Although damage was seen limited to several thousand computers, security analysts said the events showed malicious code writers are accelerating the development of viruses as soon as weaknesses become apparent.

"These guys have gotten a lot faster ... they are doing it faster than managers can keep up with," said F-Secure virus researcher Ero Carrera.

That sets up a race between technology managers who must update their systems and virus writers aiming to exploit holes before they are "patched" to fix a vulnerability.

Vincent Gullotto, vice president of the anti-virus emergency response team at McAfee Inc., estimated that thousands of machines were affected by viruses in recent days, including two called "IRCBOT.WORM" and "RBOT.CBQ."

The viruses exploited recently discovered flaws in Microsoft Corp.'s Windows 2000 operating system, causing thousands of personal computers to restart repeatedly.

The viruses also potentially exposed computers to attackers who could take control of a system, launch future virus attacks and potentially glean personal data without a user's knowledge.

Symantec Corp. put the threat of the medley of viruses at an "elevated threat" of "2" on a scale where "4" is the most severe virus-threat level, according to Alfred Huger, Symantec's senior director of engineering.


Microsoft warned users last week of three "critical" security flaws in its software and urged users to update the software on their personal computers with "patches" to prevent them from being infected -- and within a few days, code writers had written and released viruses to exploit the flaws.

A few years ago, it would have been several weeks or months -- not days -- before a virus was released to exploit flaws in Windows, analysts said.

The Slammer worm, which came in January 2003 and was estimated to have caused hundreds of millions of dollars in damages, appeared several months after Microsoft released a patch for a vulnerability.

Just as problematic is that computer systems' protection programs are often updated more slowly than the speed of virus writers' ability to release viruses.

Malicious code writers also are starting to piggy-back on the grassroots popularity of instant messaging (IM) among office workers to deliver viruses, though the use of IM to spread viruses in recent days had not yet been established, some analysts said.

"We have seen increased used of IM (to spread viruses), but we don't believe believe any of these viruses were spread by IM," Symantec's Huger said.