Rival hackers have unleashed competing computer worms on the Internet which are designed to exploit recently revealed flaws in various versions of Microsoft's Windows operating systems. The worms are most notable for their arrival speed: They are quickly spreading around the globe less than a week after Microsoft announced the flaws they exploit. Microsoft, however, remains surprisingly unimpressed by the fact that its customers are being forced to take their PC systems offline.
"We are not aware at this time of a new attack," the company noted in a statement it issued last night. "Instead our analysis has revealed that the reported worms are different variations of the existing attack called Zotob. Microsoft has reviewed the situation and continues to rate the issue as a low threat for customers."
This statement bears little comfort for companies such as ABC, Caterpillar Company, CNN, Daimler Chrysler, The Financial Times, Kraft Foods, The New York Times, The San Francisco International Airport, SBC Communications, United Parcel Service (UPS), and Walt Disney, all of which suffered from computer crashes, downtime, and repeated reboots because of the worm attacks. According to reports, there are at least six separate worms that exploit Microsoft's recently-revealed flaws. David Maynor, a security researcher at Internet Security Systems in Atlanta told The New York Times that the hackers responsible were essentially involved in a "turf war" to control computers in the largest networks around the world.
Despite Microsoft's "low threat" assertions, security firms are rating this attack being more severe. Trend Micro is using the "medium" designation to describe the attack, while Symantec grades the Zotob attacks as a 3 on a 1 to 5 scale.
But back to Microsoft, which you'd think would be reaching out to customers and not explaining how they'd be fine if they simply upgraded to XP or installed patches the day they were released. "Zotob has thus far had a low rate of infection," the aforementioned statement continues. "Zotob only targets Windows 2000. Customers running other versions such as Windows XP, or customers who have applied the MS05-039 update to Windows 2000 are not impacted by this attack."
Only Windows 2000, eh? According to AssetMatrix, Windows 2000 is the most-often used Windows version in medium- and large-sized corporations, edging out XP 48 percent to 37 percent. Put another way, roughly half of all Windows installs in corporations are Windows 2000.
So we have an interesting situation. Hackers are now able to exploit Windows flaws within days, and when they do so, corporations are admonished by Microsoft. No offense to the world's largest software company, but that's no way to talk to customers.