Homepage

News > Technology
    SAVE   |   EMAIL   |   PRINT   |   RSS  
Windows 2000 attacked
Computer worm is suspected culprit in widespread shutdowns at companies and government offices.
August 16, 2005: 7:25 PM EDT

WASHINGTON (CNN) - A computer worm unleashed itself on systems running Microsoft's Windows 2000 Tuesday, causing computer systems to crash across the United States and reportedly as far away as Germany and Asia.

Computers on Capitol Hill in Washington were affected, as were systems at CNN, ABC and The New York Times. The Caterpillar Co. in Peoria, Ill. was also reportedly affected.

Around 5 p.m., computers began crashing at CNN facilities in New York and Atlanta. ABC said their problems began in New York about 1:30 p.m.

A spokesperson for Microsoft told CNN that the company was aware of Tuesday's problems. Microsoft would not estimate how many users had been affected but described the problem as low-impact.

David Perry of Trend Micro said that the attack seems to have been triggered by a new worm, called worm--rbot.ebq. He said that the symptoms of computers repeatedly shutting down and rebooting was consistent with that virus.

Johannes Ullrich, director of the Sans Institute, a network security firm in Jacksonville, Fla., said the outage may also have been caused by the Zotob worm, which was released last weekend.

"It will connect to a control server to ask for instructions. It scans network neighborhoods and tries to infect them as well," he said.

Several versions of the worm have been released, some as late as Tuesday, he said.

While the worm primarily affects Windows 2000, it can also affect some early versions of Microsoft XP, he said.

Microsoft first announced the vulnerability in Windows 2000's Plug and Play system on Tuesday, Aug. 9.

Virus writers had responded to the vulnerability within days.

Lysa Myers, a virus researcher for the computer security firm McAfee, said the worm exploits a vulnerability in a Microsoft plug-and-play application. "How it's spreading is it's looking for machines that are unpatched and running itself," she said.

At any given time, there are thousands of computer worms and viruses in existence. Most are stopped from becoming widespread problems by anti-virus software.

The Internet Storm Center, which monitors network security attacks, on Friday, Aug. 12, upgraded its threat level to yellow ("currently tracking a significant new threat") in response to Zotob but returned it to green ("everything is normal") on Tuesday, Aug. 16, in recognition that the worm was not spreading quickly.

In response to the computer slowdowns Tuesday afternoon, anti-virus software company Symantec reported limited Zotob activity to CNN/Money.

On Monday the company updated the Plug and Play security advisory it had issued last week to account for variations of Zotob, according to InformationWeek.

Microsoft created a site called "What You Should Know About Zotob" that includes actions to be taken to counter the worm. The site is located here.

______________________

For all the latest technology headlines, click here.  Top of page

graphic


YOUR E-MAIL ALERTS
Follow the news that matters to you. Create your own alert to be notified on topics you're interested in.

Or, visit Popular Alerts for suggestions.
Manage alerts | What is this?