SAN FRANCISCO (AP) – A computer worm unleashed over the weekend infected more computers on Tuesday running Microsoft operating systems, with Windows 2000 users most seriously affected.
The Zotob worm and several variations of it, known as Rbot.cbq, SDBot.bzh and Zotob.d, infected computers at companies such as CNN, The Associated Press, The New York Times and Caterpillar Inc.
The worm is causing the most problems at companies with large, networked computer systems, rather than among individual computer users, said David Perry, a security analyst at Trend Micro Inc., a computer security company.
A week ago, Microsoft Corp. released a “critical” patch for the vulnerability, which is most severe on Windows 2000 systems. Those computers can be accessed remotely through the operating system’s “Plug and Play” hardware detection feature.
Protective patches, plus instructions for cleansing infected systems, are available on the company’s Web site.
Perry said the worm copies itself and then searches networks for other unprotected machines, causing no damage to data but clogging networks and occasionally rebooting its host computer.
He called the worm’s effects “small potatoes” in terms of the potential damage, and anticipated that corporate information technology staffs would quickly neutralize the worms. Additionally, Windows 2000 is more than five years old, and Microsoft has released several new versions of its operating system and security overhauls since then, further limiting the exposure.
“We did not see a widespread or fast spread of this in the first 24 hours,” said Debby Fry Wilson, director of Microsoft’s Security Response Center. “Over the last 24 hours, we’ve see variance, where other hackers will take the work and try to unleash a variant of the worm. So the worm continues to take on different forms.”
She said Zotob can attack a computer without needing to open any software, so some users would be infected without knowing it.
Windows Server 2003 and Windows XP systems with major security updates are less vulnerable, but still could be affected by certain remote users or those within local systems, the company said.
—
On the Net:
Microsoft Security site, http://www.microsoft.com/technet/security/default.mspx
Send questions/comments to the editors.
Success. Please wait for the page to reload. If the page does not reload within 5 seconds, please refresh the page.
Enter your email and password to access comments.
Hi, to comment on stories you must . This profile is in addition to your subscription and website login.
Already have a commenting profile? .
Invalid username/password.
Please check your email to confirm and complete your registration.
Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.
Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.