By Bob Sullivan Technology correspondent
updated 8/16/2005 9:10:30 PM ET 2005-08-17T01:10:30

At least one of several computer viruses that have been circulating the Internet in recent days hit high-profile media targets in the United States on Tuesday.

CNN reported on air that its computer network, running Windows 2000, had been hit, causing enough disruption that the cable network had to make some programming changes Tuesday evening. A worm also hit computers at the New York Times, but the impact there was limited, the company said.

The reports come a week after Microsoft announced a new vulnerability in older versions of Windows as part of its monthly release of security patches. (MSNBC is a Microsoft - NBC joint venture.)

Joe Hartmann, director of antivirus research at Trend Micro, said about a dozen corporate clients had reported receiving one of the worms since the Microsoft announcement last week. The firm labeled the threat a "yellow alert."

Lysa Myers, a spokeswoman for McAfee, said about 25 clients had been hit, most late Tuesday afternoon.

About 10 Internet worms are currently making their way around the Internet, targeting the new Microsoft vulnerability, said Mikko Hyppönen, a spokesman for F-Secure. They have names like Zotob and RBot, though antivirus companies have yet to agree on their nomenclature.  

The worms attack computers quietly, in the background, similar to how the infamous Nimda and Code Red worms operated. There's no need to open an e-mail attachment. With so many variants making their way around the Internet, vulnerable computers are sure to be infected, Hypponen said.

Still, the worms' impact will likely be muted because the vulnerability doesn't affect Windows XP, the most popular flavor of Windows. Only computers running the older Windows 2000 version, and other older versions of Windows, were vulnerable to the attacks — and then only if they had not installed the patch released last week. By various measures, more than three quarters of all Windows computers now use the XP version.

"It is pretty serious, but it only impacts some companies," Hyppönen said. Firms with well-structured firewalls are also protected, he said.

It was not immediately clear what worm struck CNN's computers, but reporters on air speculated that it was either RBot or Zotob. They showed computers continuously rebooting by themselves, an apparent effect of the worm.

At the New York Times, several computers were hit by a worm earlier in the day. "Not all computers were affected, and we don’t expect it to have an impact the paper," spokeswoman Catherine Mathis said.

Reuters reported that some computers at ABC News were also impacted.

The Internet Storm Center, which tracks the worldwide impact of computer worms, indicated on its Web site that no major Internet attack was under way.

"Likely this is an isolated event, which became newsworthy because CNN got infected. We do not see any new threats at this point," the site read.

Microsoft announced the vulnerability Aug. 9. It's become standard practice for virus writers to jump quickly when such vulnerabilities are announced, releasing worms designed to attack the weak points before consumers and system administrators can install patches to defend against the attacks.

In the days since Microsoft's announcement, virus writers have released several variants of both Zotob and RBot, along with updated versions of older worms named SD-Bot and IRC-Bot, designed to take advantage of the newly discovered flaw.

Antivirus firms are having a difficult time distinguishing between the various strains. They advise computer users to update their anti-virus software and apply the latest Microsoft patches to protect their computer systems. The patch designed to protect against the vulnerability attacked by Zotob and RBot can be downloaded from Microsoft's Web site.

© 2013 Reprints


Discussion comments


Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments