Major news organizations hit by worm attack

A computer worm targeting corporate networks with the Windows 2000 operating system arrived less than a week after Microsoft Corp. warned of the security flaw.

As experts predicted, the Windows hole proved a tempting target for rogue programmers, who quickly developed more effective variants on a worm that surfaced over the weekend and had snarled computers at several large companies by Tuesday.

Among companies affected were ABC, CNN, The Associated Press, The New York Times and Caterpillar Inc. In California, San Diego County said it needed to cleanse 12,000 computers of the bug. The Wall Street Journal reported that ABC news producers had to use electric typewriters Tuesday to prepare copy for their "World News Tonight" broadcast.

The worm is causing the most problems at companies with large, networked computer systems, rather than among individual computer users, David Perry, a security analyst at Trend Micro Inc., a computer security company, said Tuesday.

According to Bloomberg, Microsoft, whose Windows runs almost 95 percent of the world's personal computers, said the worm takes advantage of a flaw that it disclosed on Aug. 9 along with a software update to fix it. The time between the disclosure of a flaw and the creation of a program to exploit the fault has been decreasing from months to days over the last four years.

"There is a potential for additional infection outside of the U.S., because any Windows 2000 system that hasn't been patched yet is vulnerable," said Joe Hartmann, a researcher for Trend Micro in Tokyo.

Microsoft said a patch for the security hole is available at http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx.

Patrick Runald, a senior anti-virus consultant with F-Secure, the computer security firm said he was surprised that companies had allowed what was in effect a re-run of previous attacks.

"Companies are aware that there are vulnerabilities in Windows which they should police. It seems most likely that at each of the infected companies employees have used laptops outside corporate firewalls that were infected and then linked back into the network."

The worms that have hit this week gain access to computers via a piece of software included in Windows 2000 called "Plug and Play", which is designed to aid adding new hardware and programmers to a computer, informs Times.