Date: 08/17/05 (IT Professionals)    Keywords: security, virus, microsoft

Worm strikes down Windows 2000 systems
Problems reported in three continents




WASHINGTON (CNN) -- A fast-moving computer worm Tuesday
attackedcomputer systems using Microsoft operating systems, shutting down
computers in the United States, Germany and Asia.

Among those hit were offices on Capitol Hill, which is in the midst of
August recess, and media organizations, including CNN, ABC and The New York
Times. The Caterpillar Co. in Peoria, Illinois, reportedly also had
problems.

A small number of computers in an administrative office at San
Francisco International Airport also crashed, but they were not essential to
the airport's operation, spokesman Mike McCarron said.

The FBI said the computer problems did not appear to be part of any
widespread attack.

While the worm affects primarily Windows 2000, it also can affect some
early versions of Microsoft XP, said Johannes Ullrich, director of the Sans
Institute, a network security firm based in Jacksonville, Florida.

Symptoms include the repeated shutdown and rebooting of a computer.

Microsoft has a downloadable patch on its security homepage,
Microsoft.com/security, a company spokesperson said. The spokesperson told
CNN that Microsoft would not estimate how many users have been affected and
described the problem as low-impact.

Lysa Myers, a virus researcher for the computer security firm McAfee,
Inc., said the worm exploits a vulnerability in Microsoft's plug-and-play
service. "How it's spreading is it's looking for machines that are unpatched
and running itself," she said.

What was causing the damage was unclear, although experts pointed to a
new worm called worm-rbot.cbq.

David Perry of Trend Micro, an Internet monitoring firm, said the
latest worm may have been derived from the Zotob worm, which was first
reported over the weekend.

Ullrich, of the Sans Institute, said Zotob "will connect to a control
server to ask for instructions. It scans network neighborhoods and tries to
infect them, as well."

Typically, the worm enters a system via a laptop connected to
unsecured networks, Ullrich said. "This laptop will infect your systems from
the inside."

Several versions of the worm have been released, some as late as
Tuesday, he said.

Around 5 p.m. problems began at CNN facilities in New York and Atlanta
before being cleared up about 90 minutes later.

The New York Times also was able to bring its systems back up, and
"newspaper production will not be affected," spokeswoman Kathy Park said.

The White House said it did not have reports of computer problems.

At any given time there are thousands of computer worms and viruses in
existence.

So far, the impact has not been as great as the 2003 Blaster virus
attack, said Jeff Havrila, a technical analyst with the U.S. Computer
Emergency Readiness Team, a coalition of public and private groups that
combats computer attacks.

He noted that improved firewalls and faster patches may have limited
the worm's spread.

He also said it is unclear how long the worm may take to run its
course, noting that many people are away on summer vacation and may be
affected only when they return.

Source: http://www.livejournal.com/community/itprofessionals/17559.html