The worms, including two called “IRCBOT.WORM” and “RBOT.CBQ”, exploit a recently discovered flaw in Microsoft Corp’s Windows 2000 operating system, causing personal computers at more than 100 US companies to restart
repeatedly and potentially exposing them to attackers who could take control of a system.
“This is the most significant threat we’ve seen in at least 12 months,” said Vincent Gullotto, vice president of the anti-virus emergency response team at McAfee Inc on Tuesday.
But Symantec Corp and McAfee, the top two computer security companies, as well as Microsoft said on Tuesday that damage to computer systems was limited and not likely to cause widespread havoc as did other malicious software programmes such as SQL Slammer and MyDoom.
CNN, breaking into regular programming, reported that personal computers at the cable news network were affected by a worm that caused them to restart repeatedly.
The New York Times and ABC News also reported system outages earlier on Tuesday, causing some to suspect that another recent worm called “Zotob” was behind Tuesday’s outages.
Gullotto said, however, that the newly discovered worms were different from Zotob, even though they all appeared to exploit the same vulnerability in the “Plug-and-Play” feature in Windows 2000, which runs on less than half of the world’s personal computers.
Microsoft said it had found flaws
Microsoft, which warned users last week of three newly found “critical” security flaws in its software, urged users to update the software on their personal computers to prevent them from being infected.
Microsoft said users with properly updated software, anti-virus software and a firewall could avoid being infected by the worm, a malicious software programme that replicates itself over a computer network.
The new IRCBOT.WORM and RBOT.CBQ worms were different in that they could be controlled by IRC servers, or networked computers that manage chat sessions over the internet, other security experts said.
“We haven’t seen any huge uptick or impact today,” said a spokeswoman with Microsoft’s security unit. “A fairly small number of customers are being impacted.”
Symantec said that it had heard from at least 100 organisations that a group of about eight viruses were targeting individual organisations and not the internet as a whole.
“This is not across the Internet but inside organisations,” said David Cole, a product management director at Symantec.