By Brian Krebs and Mike Musgrove
Washington Post Staff Writers
Wednesday, August 17, 2005
A new Internet worm infected and disrupted computers and networks at CNN, ABC and the New York Times yesterday.
Security experts said the worm is a variant of Zotob, which first appeared on Sunday and does not limit its attack to media companies. Zotob infected computers running Microsoft Corp.'s Windows 2000 operating system. A spokeswoman for Microsoft said yesterday that the company does not know yet whether the new software, which it has named worm_rbot.ceq, is a version of that worm.
Ken Dunham, director of malicious code at the Reston-based computer security firm iDefense Inc., said his company had also seen networks for companies in the financial, medical and computer services industries compromised by the troublesome software.
If the new worm is related to Zotob, the malicious software takes advantage of a Windows security flaw that Microsoft first detailed and provided a fix for last week. Microsoft is posting the latest information it has on the outbreak, including the patch it released last week, at http://www.microsoft.com/security .
Though Microsoft issued the patch last Tuesday, hackers worked faster than the tech teams at some companies, Dunham said. Companies may find that infected networks will take "days, if not weeks, to repair," he said.
"If you aren't patched, you're going to get hit pretty hard," he said.
The worm, if successfully installed on a computer, could be used by hackers to gain remote access to a compromised computer, he said.
ABC News spokesman Jeffrey Schneider said the worm knocked out computers for two hours in the network's newsrooms on the East and West coasts.
"This was the first time I've seen writers at 'World News Tonight' banging away on electric typewriters," Schneider said.
On CNN yesterday afternoon, Wolf Blitzer reported that a computer worm had taken out many of the news networks' computer systems in Atlanta, New York and other bureaus around the country. The cable channel showed pictures of an infected CNN computer constantly rebooting.
Kathy Park, a spokeswoman for the New York Times, said the newspaper was battling a similar problem. She said the outage affected computers in news bureaus around the country that were connected to the New York office's network.
The Zotob worm was unleashed over the weekend, though it attracted little attention outside of computer-security circles. According to computer-security firm Trend Micro Inc., the original worm and a sequel compromised about 1,000 computers.
Krebs is a staff writer for washingtonpost.com.