New worms caused the computers in over 100 companies across the United States to restart repeatedly. Security experts warned Wednesday that attackers could potentially take control of those flawed computer systems.
Among those being hit are large media organizations, including the cable news station CNN, television network ABC and The New York Times. Antivirus companies blamed the havoc on various worms, including the Zotob worm that hit the Internet over the weekend and new variants of the Rbot worm.
All of the worms exploit a security hole in the plug-and-play feature in Microsoft Windows 2000 operating system. The software maker offered a critical fix for the bug last week, but experts said many users have not yet installed the patch.
Symptoms of infection include the repeated shutdown and rebooting of a computer, said experts with F-Secure, a Finnish anti-virus company.
The worms replicate by scanning machines, and when a victim is found, they use the exploit code to download the main virus file from infected machine, meanwhile scanning for more targets, the company said in a statement.
Some security researchers claimed the outbreak is tied to a "war" between rival virus writers. "We seem to have a botwar on our hands," Mikko Hypponen, chief research officer at F-Secure said.
"There appear to be three different virus-writing gangs turning out new worms at an alarming rate, as if they were competing to build the biggest network of infected machines," he said.
Individual organizations, rather than computer users at large, are most badly hit by the worms, experts said.
The pain is being felt "on the inside," according to US anti-virus software maker Symantec. The worms might slither onto the networks of companies with Windows 2000 systems from an infected laptop that has been used outside the corporate firewall.
Although there are several worms that exploit the Windows plug-and-play flaw, they all can be cleaned with software tools and be prevented with security patch, security experts said. Most anti-virus firms have set the alert level at "middle, " expecting the spread to be limited.
(Xinhua News Agency August 18, 2005)
|