New computer virus threatens biz nets

Technology security firm warns the latest strains of the RINBOT or DELBOT virus are starting to multiply rapidly.

By Parija B. Kavilanz, CNNMoney.com staff writer

NEW YORK (CNNMoney.com) -- A disgruntled hacker with a personal grudge against Symantec, which provides anti-virus software to leading Fortune 500 companies, could be behind a new, crippling computer virus that's already hit a division of at least one big U.S. corporation on Thursday.

If it spreads, technology experts warn the latest strains of the insidious RINBOT computer virus could hijack network systems of businesses worldwide.

New strains

Graham Cluley, senior technology consultant with Boston-based IT security firm Sophos, said his company has been aware of "a number" of new versions of the RINBOT or DELBOT virus produced since Feb. 15.

"We believe this latest strain is the 7th version of RINBOT which first emerged in March 2005," Cluley said.

According to Cluley, this version is designed to exploit security vulnerabilities embedded in anti-virus software.

"Traditionally hackers always went after Microsoft's anti-virus programs. But now they're increasingly targeting other commonly used programs such as Symantec programs and others," he said.

Cluley said this strain appears to be hitting MS SQL servers. It looks for networks that run the Microsoft (Charts) Windows operating system, including Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT and Windows XP. It then spreads through the network by manipulating "weak" spots such as simple passwords.

Getting hijacked

Once it's in, Cluley said the virus quickly spreads and takes over many computers with the intention of turning the network into a botnet, or a "zombie" network.

"Without you knowing it, hackers will use your computer for a variety of purposes like sending out spam, or distributing denial of service attacks, or even blackmailing other Web sites. There was a case where hackers blackmailed a gambling site and said they would bring down the site for a few days unless they were paid thousands of dollars" Cluley said.

Cluley warned that the virus is not geographically limited. "It's very stealthy and insidious and works without you knowing it," he said.

Turner Broadcasting System, a division of Time Warner (Charts) and parent of CNN and CNNMoney.com, confirmed that its systems were hit by a virus Thursday.

"A virus has affected the network and we are actively working to rectify the situation," said company spokeswoman Shirley Powell.

Thomas Parsons, an IT specialist with Symantec (Charts), confirmed to CNNMoney.com that the most recent variants of RINBOT have targeted Symantec's anti-virus programs.

"We're not sure what the motivation is, but we are aware of a hacker that has been adding his own commands into the strain," Parsons said. Using those codes, Parsons said the hacker let it be known that he wasn't happy that Symantec was calling the virus RINBOT. Top of page

Sponsors

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer. Morningstar: © 2018 Morningstar, Inc. All Rights Reserved. Factset: FactSet Research Systems Inc. 2018. All rights reserved. Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor's Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2018 and/or its affiliates.

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer. Morningstar: © 2018 Morningstar, Inc. All Rights Reserved. Factset: FactSet Research Systems Inc. 2018. All rights reserved. Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor's Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2018 and/or its affiliates.