CA: Windows 2000 worms now affecting 250,000
Corporate desktops are hardest hit
By Robert McMillan and James Niccolai | San Francisco | Friday, 19 August, 2005
Malicious software that takes advantage of a recently disclosed vulnerability in Microsoft's Windows operating system has spread rapidly and has now infected more than 250,000 systems, primarily Windows 2000 systems being run in corporate environments, according to security vendor Computer Associates.
The worms received widespread media attention after CNN reported that it had been affected by the problem, but on Wednesday representatives from companies that had been affected downplayed the level of disruption.
Because of the design of the worms, they have largely left home users unaffected and have instead focused on spreading within corporate networks, according to security experts interviewed on Wednesday.
An undisclosed number of internal systems at telecommunications provider SBC Communications were affected by the worms, beginning late on Tuesday, says Wes Warnock, an SBC spokesman, but he says the outages had no effect on the company's voice or data networks.
"It's almost a non-issue. SBC is like any company that was running Windows 2000 and didn't have the patches," he says.
American Express was also hit, according to company spokeswoman Judy Tenzer. "We did experience some issues with some of our computer desktops and much of that has now been resolved," she says. On Wednesday morning, some systems within the company's callcentre were unavailable because of the outages.
Media outlets have been among the hardest hit by the worm. The New York Times confirmed on Wednesday that some of its systems had been infected, and the ABC television network, a unit of Disney, is also reported to have been hit.
While CA is now estimating that more than 250,000 systems have been affected by different variants of the plug-and-play worms, these attacks have received special attention because they have hit media outlets, according to Sam Curry, vice president of CA's eTrust Security Management division. In the past, lesser-reported attacks have hit similar numbers of computers, he says.
"We see numbers climb out into the hundreds of thousands and it never gets attention," he says. "Who gets affected will influence how much publicity this gets."
CA is rating the viruses as a low to medium threat and most of its customers have not generally been widely affected by them, Curry says. "We have little to no escalations from customers that have been affected by it," Curry says. "We have no one saying, 'Oh my God I'm in trouble,' but we do have customers calling up and saying what do I need to know?"
However, McAfee's antivirus response team raised its risk assessment to "high" for one worm variant, called IRCBot worm. Late on Tuesday it said it had received more than 150 reports of the worm either being stopped or infecting users' PCs, mostly in the US but also from Europe and Asia.
By Wednesday, Symantec customers had reported just over 230 instances of the worms, the company says. This was far fewer than the thousands of reports that the company had received on highly publicised worm outbreaks such as last year's Sasser worm, Symantec says.
"It's certainly not a Sasser; it's certainly not a Slammer," says Russ Cooper, senior information security analyst for Cybertrust. "Our recommendation to our customers is to get patches applied within 90 days, because the normal mechanisms should prevent this from getting to your organisation."
According to Cooper, the best way for corporations to protect themselves from these attacks is to ensure that they secure all the devices that connect to their networks. "These things are getting in through VPN users or through home or travelling users," he says. "This is a common failing in organisations ... they have protection at a gateway, but meanwhile they let their home users connect via VPN."
The worms all stem from a vulnerability reported on August 9 in Microsoft's Windows 2000 Plug and Play service. They cause infected systems to reboot, and the infected systems are then instructed to download a variety of malicious software that is used to attack other systems, antivirus vendors say.
A Microsoft web page, What you should know about Zotob, includes links to the patch.