A Media Worm?

(Editor's note: For more information see this Post story by Brian Krebs and Mike Musgrove.)

A number of media companies said today that their newsrooms were battling a new Internet worm that was taking advantage of a Windows security flaw that Microsoft Corp. first detailed just one week ago. We warned Security Fix readers about this particular worm, dubbed Zotob, on Sunday.

ABC News had an extensive outage today due to infections from the Zotob worm or one of its variants, which knocked out computers in the network's newsrooms on the East and West coasts, said ABC News Vice President Jeffrey Schneider. The outage lasted about two hours, he said.

"This was the first time I've seen writers at World News Tonight banging away on electric typewriters," Schneider said.

CNN's Wolf Blitzer is reporting that a computer worm has taken out many of their computer systems in Atlanta, New York and in other bureaus around the country, showing pictures of a computer constantly rebooting after being infected by the worm. CNN spokeswoman Edie Emery said the outage affected computers across the country, but that at no time did the outage affect the company's ability to report the news. A staffer I spoke with earlier from CNN's Washington bureau said many reporters in the company's New York and Atlanta bureaus relied on other bureaus to file their stories for them.

A friend at the New York Times called to say the newspaper was battling a similar problem. Times spokeswoman Kathy Park said the outage affected computers in news bureaus around the country that were connected to the New York office's network.

It's difficult to say whether this was a targeted attack or this worm just happened to get inside these media companies. Johannes Ullrich, chief technology officer for the SANS Internet Storm Center, said one theory could be that reporters from the different newsrooms were covering the same news event using their laptops when somehow the network they were filing from got infected. But that's just a wild theory, nothing more.

If you want to know how to protect your computer from this latest Microsoft flaw, see the blog posting "Patch Now or Else."

By Brian Krebs  |  August 16, 2005; 7:02 PM ET
Categories:  Latest Warnings  

Comments

There is nothing wrong with hacking, of any sort

Posted by: mr blank | August 16, 2005 7:42 PM | Report abuse

It's Time to look at Linux...And the real cost of M$ windows....

Posted by: MikeBMW | August 16, 2005 7:49 PM | Report abuse

Possibly their machines couldn't be updated since MS pulled support for W2K on a number of platforms previously supported.

Posted by: anon | August 16, 2005 7:51 PM | Report abuse

Some companies have computers that can't be easily updated because they are based on a specific computer "image", a version of the operating system specific to the company. Patches are then not always installed as quickly as they should be, as they must be authorized and distributed, instead of using the "Windows Update" site. This can really cause a mess, especially when users don't have the computer file access rights they need to defend themselves against a worm.

Posted by: Rob Parks | August 16, 2005 8:17 PM | Report abuse

Patching Windows is a futile effort and time consuming. After one patch comes out, a new threat is released. Hmm, and Windows is a closed source operating system. The best part is that unlike Unix, you need to reboot after applying most patches. I don't understand why corporations are allowing traffic out of their networks or malicious traffic in. All mail servers, FTP servers, etc. should be in a DMZ. Outbound traffic should go through a proxy. Executable MIME types should be blocked from downloads and email messages. Why are firewall admins letting 445, 135, 137, 139 inbound from anywhere? Why are corporations allowing laptops to go out in the wild and then connect to the corporate network? If you don't want to worry about worms, spyware and viruses, get an Apple or an Intel box running Linux or FreeBSD. If you want to use your existing hardware at least replace Windows with Linspire Linux, which is more secure than Windows and easy to use for the average user.

Posted by: Chris | August 16, 2005 8:32 PM | Report abuse

First of all it's almost 2006.....a problem with Win2000????? The OS infected is Microsoft Windows 2000 in an unpatched state and no others. There were clear warnings of this threat by Microsoft on August 9th, 2005. Win200 is a 1997 designed OS, btw, and has been patched too numorous of times. Second, maybe this is payback for all the spam and pop-ups and spy-ware imposed on the end-users by your advertising agencies, i.e., maybe you were specifically targeted...or.... I would look at the ad servers as the ones that were attacked and led to you guys, also. That not withstanding, time to update fellows.

Posted by: Master Guru | August 16, 2005 8:48 PM | Report abuse

Typograhical errors are included for amusement only :-)

Posted by: Master Guru | August 16, 2005 8:53 PM | Report abuse

Yes Windows costs money to support AND it's vulnerable as all get out. AND every patch and new feature seemingly causes yet another vulnerability (or more) BUT let's face it, Apple-Linux-FreeBSD is not the answer. Those are niche OSs in the idea that (Seamless to learn-use and migrate to) software is not being developed at the same rate as Windows apps and until such time as this is rectified, these are not viable options. And, there is a point in that while seen as more secure, (and maybe there is truth there) there may be vulnerabilities unnoticed with the A-L-FBSD OSs simply because with such a limited user base, where does the hacker spend their efforts? Where the biggest bang is. Windows.

No. The answer is best served by another question. Why have consumers allowed such an array of flawed software (not just OSs) to be foisted upon themselves and why aren't software companies with their business-as-usual practices of shipping products with tens of thousands of bugs, held accountable?

Posted by: Dave | August 16, 2005 8:58 PM | Report abuse

Now they have done it!!! The hackers can mess with the governments, businessmen, and everyday computer users. They can track us, steal from us, pop-up in our face or re-route the information we send out on our computers. But now I feel that their days are numbered as they messed with the MEDIA!!!

Posted by: Dave | August 16, 2005 9:06 PM | Report abuse

Stop spreading doom and gloom. This virus/worm DOES NOT 'take out' any computer it infects. Since it can only propagate through the infected computer being in operation, why would the virus 'take down' a machine it infects? An absolute silly statement. The only reason the computers were 'taken down' is cause someone (person) was smart enough to take the machines offline to prevent further spread.

BTW, if you think that Linux is virus proof, you had better wake up. If/when Linux is on 80% plus of the corporate desktops, we will see exactly the same thing happening. It is the nature of the beast.

These companies have only themselves to blame. If it is the network administrators not protecting the network via firewall to 'on the go' laptop users bringing infected machines in from the outside. If a company the size of ABC and CNN cannot manage their own vulnerabilities they deserve what they have gotten.

Posted by: Don | August 16, 2005 9:08 PM | Report abuse

Linux/UNIX gurus know well, "there but by the grace of go I."

Consider what motivates hackers and you will understand why Microsoft is such a frequent target: publicity and hate!

Once Linux captures 98% of the corporate offices, it will become the #1 target of hackers and Windows will look "secure" by comparison.

...but then no ONE Linux will ever capture anything like that percentage because there are so damn many distros, with such a wide array of possible window manager and application mixes, none will ever become dominant.

In fact, this "school of fish" defense is the best thing Linux has going for it: odds are no one bug can infect the entire school, and hence there is less chance for a hacker to make a big splash!

And we all HATE big business!

Never mind that Bill Gates dropped out of school and started Microsoft partly as an act of defiance against the BIG CORP of his day, IBM! We still HATE a business that actually expects us to pay for software, never mind that the price is about 2 orders of magnitude smaller than it was when IBM and DEC were the BIG ITs!

So the Linux vendors will get a pass from the hackers because none is, nor likely ever to be, big enough to hate!

But who do we hold responsible for a flaw in the Linux world? We hold ourselves responsible! ...it is the ultimate in personal responsibility.

I raise my glass to the corporate IT manager who will step out from behind Microsoft's skirt and take on this responsibility!

Posted by: KarlQuick | August 16, 2005 9:17 PM | Report abuse

Don,

By "take out" I believe he meant they were out of commission until they got cleaned up. The virus can cause Windows 2k systems to reboot constantly, giving users just 60 seconds before each successive reboot.

Posted by: Anonymous | August 16, 2005 11:04 PM | Report abuse

I've heard that Panda TruPrevent would have caught this worm

Posted by: John | August 17, 2005 4:53 AM | Report abuse

A firewall at the ISP level would solve this and other problems.

http://www.millstream.com/firelaw.html

Posted by: Richard Kelsall | August 17, 2005 7:31 AM | Report abuse

The Witty Worm was one of those worms that would "take down" a computer. But only if it was running an unpatched version of BlackIce Defender. Witty was another near 0-day exploit too.

Posted by: sekots | August 17, 2005 9:20 AM | Report abuse

The comments to this entry are closed.

© 2010 The Washington Post Company