This week in security

A new worm initially thought to be pretty harmless ended up mutating into a series of worms that could shut down Windows PCs, leading some to believe that a war among hackers was to blame.

The original Zotob.A was unleashed over the weekend, wreaking relatively little havoc. As of Monday morning on the West Coast, the original worm had infected about 50 computers worldwide, and the first variant, Zotob.B, had compromised about 1,000 systems.

However, by Tuesday the worm had evolved into a greater annoyance, shutting down computers running Microsoft's Windows 2000 operating system. Computers across the United States were hit, including those at cable news station CNN, television network ABC and The New York Times. Symptoms of infection include the repeated shutdown and rebooting of a computer.

Without any user interaction, the worms can infect unpatched Windows 2000 systems that aren't protected by a firewall. The worms typically install a shell program on the computer to download the actual worm code using FTP, or File Transfer Protocol. The newly infected system then starts searching for new computers to compromise.

The worm, which has spawned several variants, exploits a hole in the plug-and-play feature in the Windows operating system. It surfaced only days after Microsoft offered a fix for the "critical" bug as part of its monthly patching cycle.

Some at CNET News.com found irony in some media outlets' coverage of the worm. "CNN should be embarrassed," wrote Timothy Beckner in News.com's TalkBack forum. "Their IT people could have patched them last week."

"How (Bill) Gates and (Steve) Ballmer get any sleep every night is beyond me."
--Carl Johnson

Some theorize that the recent surge in worms could be part of an underground battle to hijack PCs for use in Net crimes. Signs of a turf war between cybercrooks lie in the behavior of the worms that have emerged since Sunday, said Mikko Hypponen, chief research officer at F-Secure, a Finnish security software company.

The dozen or so worms and variants all exploit the same security hole, but some versions undo the effects of earlier worms, suggesting that the creators are battling to take over computers that others have already compromised, Hypponen said.

"We seem to have a bot war on our hands," Hypponen said. "There appear to be three different virus-writing gangs turning out new worms at an alarming rate, as if they were competing to build the biggest network of infected machines."

In response to the havoc, Microsoft made available a free software tool to help victims of worms that hit Windows computers in the past days clean their systems. The tool can be run online through Microsoft's Web site or downloaded from the Microsoft Download Center.

Microsoft's moves did little to assuage the anger some CNET News.com readers feel toward the company's executives. "How (Bill)