Hackers' worm yields low infection rates

Use of patches is credited with minimizing the impact

Published: Thursday, Aug. 18 2005 12:00 a.m. MDT

SAN JOSE, Calif. — Hackers unleashed new variants of a computer worm that attacks a vulnerability in Microsoft Corp.'s Windows 2000 operating system, but infection rates appeared to be low and damage minor Wednesday.

The latest "War of the Worms" stands in contrast to previous outbreaks that brought networks and millions of PCs to a crawl in recent years.

It's a sign, security experts say, that computer users are heeding warnings to quickly install patches as they're released. It also indicates that Microsoft's efforts to batten down the hatches of its ubiquitous software are paying off.

"Customers who have been impacted are feeling pain, and we're working with them to make sure they get through the recovery process as soon as possible," said Debby Fry Wilson, director of Microsoft's Security Response Center. "But in terms of the numbers of customers impacted, it is relatively low."

Several media outlets — including The New York Times, CNN and ABC — reported that the worms had invaded their networks. San Diego County was cleaning the bug from 12,000 computers. The worm blocked e-mails and slowed Internet connections in Massachusetts state government and caused delays at the Registry of Motor Vehicles.

On Wednesday, four new variants of the worm had been detected by F-Secure Corp. in Finland, bringing the total to 11, said Mikko Hypponen, the company's manager of antivirus research. He said the variations apparently had been programmed to compete with each other — one automated "bot" pushing the worm will remove another from an infected computer.

"We seem to have a botwar on our hands," Hypponen said. "There appears to be three different virus-writing gangs turning out new worms at an alarming rate — as if they would be competing who would build the biggest network of infected machines."

The latest worm targets a vulnerability that was publicly disclosed Aug. 9 by Microsoft, which also released a free fix. The problem involves the "Plug and Play" service that lets users easily install hardware on their PCs.

By Aug. 12, someone had posted code that could be used to build a worm — a piece of malicious software that replicates over networks. By Sunday, the first worm was released into the wild, continuing the trend of hackers increasing the speed with which they develop exploits.
