The New York Times Technology
More Articles in Technology >
Skip to article Welcome, vsauter2 - Member Center - Log Out - Help
Technology Home Circuits Product Reviews How To's Deals

Virus Attacks Windows Computers at Companies

Published: August 17, 2005

SAN FRANCISCO, Aug. 16 - A handful of digital worms that exploit vulnerabilities in some Microsoft Windows computers spread on Tuesday, hindering Internet access at some major companies.

The worms, called Zotob and Rbot, and variants of them, started emerging Saturday, computer security specialists said, and continued to propagate as corporate networks came to life at the beginning of the week.

David Cole, director of the security response unit for the Symantec Corporation, which makes anti-virus software, said a growing number of worm writers apparently tried to exploit Microsoft's vulnerability after it was discovered.

The phenomenon of worm and virus creators turning en masse to a new vulnerability is increasingly common. "It's pretty indicative of we've seen recently," Mr. Cole said.

In this case, Mr. Cole said, the worm writers were not necessarily trying to outdo one another but were simply trying to apply their own creative twists and expertise to a known vulnerability.

Some corporations, including The New York Times Company, temporarily took some computers off the Internet and installed security patches to protect computers.

Among those hit was CNN, which reported that hundreds of computers were brought down late Tuesday afternoon in Atlanta and New York.

Laurie Goldberg, a spokeswoman for CNN, said backup computer systems were used and cable operations were not affected.

A spokesman for ABC, Jeff Schneider, told Bloomberg News that the company's computers on the East and West Coasts were affected.

The Associated Press reported that its computers were affected, and there were reports of problems at General Electric, United Parcel Service and Caterpillar.

The impact from the virus appeared to intensify late in the day, said David Perry, director of education for Trend Micro, which makes computer security software. Mr. Perry said that at least 10 major companies had been infected.

"This is a spreading story," he said late Tuesday, noting that there appeared to be seven different worms, and variants of those worms.

Mr. Cole and other specialists said the viruses did not rise to the threat level of some other major viruses, which have had names like Melissa or Code Red.

One reason, Mr. Cole said, is that while the latest worms seem effective at attacking computers within organizations, they are less effective at going after individual computers. Moreover, he said, the worms are targeting Windows 2000 computers, which make up about only a quarter of Windows machines.

Zotob, Rbot and their variants fall under the classification of worm, a kind of infection that automatically probes for weaknesses inside individual computers, then installs itself where there is such a weakness.

The worms in this case exploit a vulnerability inside computers, particularly those running Windows 2000. Once in place, the worm can make an individual computer susceptible to being operated remotely by an intruder, said Art Manion, an Internet security analyst with the CERT Coordination Center, a computer security information clearinghouse at Carnegie Mellon University.

Mr. Perry said that corporations could experience a slowdown in performance of their network as the worm probes individual computers for weaknesses.

A week ago, Microsoft first called attention to the vulnerability in a part of the operating system that controls plug-and-play functions and put out a security patch.

Mr. Perry said that the authors of Zotob, on learning of the vulnerability, had apparently created an effective worm in only a few days, making it one of the "fastest turnarounds" for such an effort.