/ 17 August 2005

Worm sends reporters scrabbling for typewriters

A computer worm targeting corporate networks with the Windows 2000 operating system arrived less than a week after Microsoft warned of the security flaw.

As experts predicted, the Windows hole proved a tempting target for rogue programmers, who quickly developed more effective variants on a worm that surfaced over the weekend and had snarled computers at several large companies by Tuesday.

Among companies affected were ABC, CNN, The Associated Press, The New York Times and Caterpillar. The Wall Street Journal reported that ABC news producers had to use electric typewriters on Tuesday to prepare copy for their World News Tonight broadcast.

The worm is causing the most problems at companies with large, networked computer systems, rather than among individual computer users, David Perry, a security analyst at Trend Micro, a computer security company, said on Tuesday.

Microsoft released a ”critical” patch on August 9 for the vulnerability, which is most severe on Windows 2000 systems. Those computers can be accessed remotely through the operating system’s ”Plug and Play” hardware detection feature.

Protective patches, plus instructions for remedying infected systems, are posted on Microsoft’s website.

Companies that were slow to bolster their systems when Microsoft issued its security alert about the flaw may have left themselves vulnerable to the worm, said David Maynor, a security researcher with Atlanta-based Internet Security Systems.

He said some IT professionals who considered their networks safe because they run Windows XP or 2003 were mistaken. The worms are automated Internet ”bots” that need find only one unprotected computer running Windows 2000 within a network to propagate in the system.

Perry said the worm copies itself and then searches networks for other unprotected machines, causing no damage to data but clogging networks and rebooting its host computer.

”We did not see a widespread or fast spread of this in the first 24 hours,” said Debby Fry Wilson, director of Microsoft’s Security Response Centre.

”Over the last 24 hours, we’ve see variance, where other hackers will take the work and try to unleash a variant of the worm. So the worm continues to take on different forms.”

Security company McAfee Inc. rated the worm a ”high risk” threat, though rivals generally described the threat as moderate.

The worms can attack a system without needing to open any software, so some users would be infected without knowing it.

Caterpillar worked on Tuesday to clean up effects from the worm, which disrupted computer operations at several company plants and offices over the weekend, the Peoria, Illinois-based heavy equipment maker said. The problem was controlled by Monday afternoon, said company spokesperson Rusty Dunn said.

In California, officials at government offices in San Diego County said 12 000 computers needed to be cleansed of the bug. They assembled a 200-person team to mend the computers and said it could fix about 3 000 a day. – Sapa-AP