Windows 2000 worm hits American firms

Several new computer worms were being blamed for causing computer system outages at some media outlets and companies in the US…

Several new computer worms were being blamed for causing computer system outages at some media outlets and companies in the US.

The worms, including two called "IRCBOT.WORM" and "RBOT.CBQ", exploit a recently discovered flaw in Microsoft's Windows 2000 operating system and were causing personal computers at more than 100 US companies to restart repeatedly and potentially exposed them to attackers who could take control of a system.

"This is the most significant threat we've seen in at least 12 months," said Vincent Gullotto, vice president of the anti-virus emergency response team at McAfee.

But Symantec and McAfee, the top two computer security companies, as well as Microsoft, said that damage to computer systems reported last night was limited and was not likely to cause widespread havoc like other malicious software programs such as Slammer and MyDoom.

READ MORE

CNN, breaking into regular programming, reported on air that personal computers at the cable news network were affected by a worm that caused them to restart repeatedly.

The New York Times and ABC News also reported system outages earlier, causing some to suspect that another recent worm called "Zotob" was behind the outages.

Mr Gullotto said, however, that the newly discovered worms were different from Zotob, even though they all, including Zotob, appeared to exploit the same vulnerability in the "Plug-and-Play" feature in Windows 2000, which runs on less than half of the world's personal computers.

Microsoft, which warned users last week of three newly found "critical" security flaws in its software, urged users to update the software on their personal computers to prevent them from being infected.

Microsoft said users with properly updated software, anti-virus software and a firewall can avoid being infected by the worm, a malicious software program that replicates itself over a computer network.

The new "IRCBOT.WORM" and "RBOT.CBQ" worms were different in that they could be controlled by IRC servers, or networked computers that manage chat sessions over the Internet, other security experts said.

"We haven't seen any huge uptick or impact today," said a spokeswoman with Microsoft's security unit, "a fairly small number of customers are being impacted."

Agencies