SAN JOSE – Hackers unleashed new variants of a computer worm that attacks a vulnerability in Microsoft Corp.'s (search) Windows 2000 operating system, but infection rates appeared to be low and damage minor Wednesday.
The latest "War of the Worms" stands in contrast to previous outbreaks that brought networks and millions of PCs to a crawl in recent years.
It's a sign, security experts say, that computer users are heeding warnings to quickly install patches as they're released. It also indicates that Microsoft's efforts to batten down the hatches of its ubiquitous software are paying off.
"Customers who have been impacted are feeling pain and we're working with them to make sure they get through the recovery process as soon as possible," said Debby Fry Wilson, director of Microsoft's Security Response Center. "But in terms of the numbers of customers impacted, it is relatively low."
A number of media outlets — including The New York Times, CNN and ABC — reported Tuesday the worms had invaded their networks. San Diego County was cleaning the bug from 12,000 computers. Infections had disrupted computers at several Caterpillar Inc. (search) plants.
On Wednesday, four new variants of the worm had been detected by F-Secure Corp. in Finland, bringing the total to 11, said Mikko Hypponen, the company's manager of antivirus research. He said the variations apparently had been programmed to compete with each other — one automated "bot" pushing the worm will remove another from an infected computer.
"We seem to have a botwar on our hands," Hypponen said. "There appears to be three different virus-writing gangs turning out new worms at an alarming rate — as if they would be competing who would build the biggest network of infected machines."
The latest worm targets a vulnerability that was publicly disclosed Aug. 9 by Microsoft, which also released a free fix. The problem involves the "Plug and Play" service that lets users easily install hardware on their PCs.
By Aug. 12, someone had posted code that could be used to build a worm — a piece of malicious software that replicates over networks. By Sunday, the first worm was released into the wild, continuing the trend of hackers increasing the speed with which they develop exploits.
From the start, the number of potential victims was limited by the fact that only a vulnerability in Windows 2000 (search) was remotely exploitable. The operating system was never marketed as a consumer product.
The damage was further reduced by the fact that businesses have become more aware of the risks of not maintaining tight security.
"Businesses in general are doing a much better job at putting patches in place," said Martha Stuart, a researcher at the computer security firm Sophos Inc.
At the same time, Microsoft has reworked later versions of Windows to limit a computer's exposure to nasty software from the Internet.
Last summer, the company released a security update to Windows XP. By default, it recommends switching on automatic updates and installs a firewall that blocks the traffic used by the worm to propagate.
But even if those measures had been turned off, users of the latest Windows operating system were not affected. Microsoft reworked the software to ensure that it was less exposed to remote attacks.
"Compared to earlier versions of Windows, there are a third less vulnerabilities because of the security development work we have done — and half the number of critical vulnerabilities," Fry said.
Microsoft will further ratchet up security with its next-generation operating system, Windows Vista, which is set for release next year.
Still, few expect the number of attacks to diminish. Running on an estimated 90 percent of PCs, Windows offers malicious programmers the opportunity of wide exposure and the potential of great damage should an attack succeed.