CA: Windows 2000 worms now affecting 250,000

Malicious software that takes advantage of a recently disclosed vulnerability in Microsoft Corp.’s Windows operating system has spread rapidly and has now infected more than 250,000 systems, primarily Windows 2000 systems being run in corporate environments, according to security vendor Computer Associates International Inc. (CA).

The worms received widespread media attention after Cable News Network LP LLLP (CNN) reported that it had been affected by the problem, but on Wednesday representatives from companies that had been affected downplayed the level of disruption.

An undisclosed number of internal systems at telecommunications provider SBC Communications Inc. were affected by the worms, beginning late Tuesday, said Wes Warnock, an SBC spokesman, but the outages had no effect on the company’s voice or data networks, he added.

“It’s almost a non-issue. SBC is like any company that was running Windows 2000 and didn’t have the patches,” he said.

American Express Co. was also hit, according to company spokeswoman Judy Tenzer. “We did experience some issues with some of our computer desktops and much of that has now been resolved,” she said. On Wednesday morning, some systems within the company’s call center were unavailable because of the outages.

While CA is now estimating that more than 250,000 systems have been affected by different variants of the plug-and-play worms, these attacks have received special attention because they have hit media outlets, according to Sam Curry, vice president of CA’s eTrust Security Management division.

In the past, lesser-reported attacks have hit similar numbers of computers, he said. “We see numbers climb out into the hundreds of thousands and it never gets attention,” he said. “Who gets affected will influence how much publicity this gets.”

CA is rating the viruses as a low to medium threat and most of its customers have not generally been widely affected by them, Curry said. “We have little to no escalations from customers that have been affected by it,” Curry said. “We have no one saying, ‘Oh my God I’m in trouble,’ but we do have customers calling up and saying what do I need to know?”

However, McAfee Inc.’s antivirus response team raised its risk assessment to “high” for one worm variant, called IRCBot worm. Late Tuesday it said it had received more than 150 reports of the worm either being stopped or infecting users’ PCs, mostly in the U.S. but also from Europe and Asia.

The worms all stem from a vulnerability reported Aug. 9 in Microsoft’s Windows 2000 Plug and Play service. They will cause infected systems to reboot and infected systems are then instructed to download a variety of malicious software that is then used to attack other systems, antivirus vendors said.

Microsoft’s Web page, “What you should know about Zotob,” includes links to the patch and was updated Tuesday at this Web site

Customers in the U.S. and Canada who think they have been infected can call Microsoft’s Product Support Services at 1-866-PCSAFETY, Microsoft said. There is no charge for calls to do with security update issues or viruses, it said.

International customers should refer to its Security Help and Support for Home Users Web site, it said.

Related Download
3 reasons why Hyperconverged is the cost-efficient, simplified infrastructure for the modern data center Sponsor: Lenovo
3 reasons why Hyperconverged is the cost-efficient, simplified infrastructure for the modern data center
Find out how Hyperconverged systems can help you meet the challenges of the modern IT department. Click here to find out more.
Register Now