This archived article was written by: Angela Oliver
On the first day of classes, a fast-moving computer virus called botzor attacked thousands of computer operating systems, mainly Windows 2000, but also affecting Microsoft XP and Microsoft 2003 users. The virus attacked large corporations, including CNN, The New York Times, ABC, some offices on Capitol Hill, The Associated Press and Caterpillar Inc.
The worm infects a computer with what is called a mutex (short for mutual exclusion object; in computer programming, a mutex is a program object that allows multiple program threads to share the same resource, such as file access, but not simultaneously). If a mutex already exists on the computer, the worm uses the existing mutex. The worm then modifies the computer so that the user cannot access any anti-virus programs or many websites like eBay and Amazon. It then makes a copy of itself on the computer and titles itself botzor.exe. After the file is on the computer, it will run every time the computer is turned on. Next it will disable the personal firewall so that nothing is blocked or filtered, and anything has access to your computer. It will then send the virus to other vulnerable computers in its network and connect to the computers so that it can send commands. For example, it can print system information like passwords, users, CPU, RAM, etc.
As of August 17, Eric Mantz, CEU’s chief information officer, said “So far none of our systems seem to be affected by it. We have our five specific purpose firewalls guarding our networks from things like this, have firewalling turned on most of our PC-based workstations, and automated anti-virus updates being pushed out.”
On August 16, the Utah Education Network (UEN) sent an email titled “[UtahSAINT] Worm update” to Mantz with their view of the latest virus: “Well I’m not supposed to say the sky is falling, but wanted to update everyone on the worm situation. Things on the internet are getting pretty rough, and new versions of worms for this latest PnP exploit have been popping up nearly every hour … Since this is the first wormable exploit in the past six months or so, I think we will see this trend grow before it gets better. Many hackers are looking for a way to mass compromise large portions of the internet.
The UEN network is faring pretty well. We continue to block the malicious traffic from coming inbound on the network. However, a major outbreak of some sort is happening at Beaver Dist. I can only imagine that it’s a matter of time before someone brings some of these worms into the UEN network. Many larger [higher education] institutions have already had small outbreaks, but blocked access to UEN hosts early, or they were already blocked. So once someone brings this onto the network without the proper blocks outbound, we will start to see it propagate. And with the rise of more aggressive versions of this worm, this process will move more quickly.
CNN reported large portions of their corporate network were affected, and it’s spreading fast.