Subscribe

CAMP FOSTER, Okinawa — Computer technicians on Okinawa Marine Corps bases were scurrying Friday to clean their system of a worm rapidly spreading throughout the world.

The worm, known as Zotob, began to affect computer systems in the United States using the Windows 2000 operating system early last week. On Thursday, CNN, the New York Times, credit card giant Visa and some federal and state computer systems across the country reported crashed systems due to the Zotob onslaught.

Worms are malicious programs that replicate until storage space on a computer or network is filled. The Zotob worm is said to make computers repeatedly reboot and shut down.

So far, reports of worm hits have been mostly to large computer systems and not individual computers, according to news reports. The Marine Corps system was the only military network reportedly hit by the worm.

“We have not had any problems — yet,” said Sayaka Higa, a spokeswoman for the 18th Wing at Kadena Air Base.

On Thursday, Marine base computer users were notified by e-mail of a problem with the Navy Marine Corps Intranet system maintained by Electronic Data Systems of Plano, Texas.

“We’re busy working to eradicate this worm,” EDS Okinawa site manager John McKnight said Friday. He said the worm replicated itself through the system.

EDS techs were continuing to aggressively respond to the attack, McKnight said. The bases that seemed most affected were camps Foster, Courtney and Kinser.

An e-mail sent to NMCI users advised them to keep their workstations connected to the network throughout the weekend in order for the virus cleanup to be accomplished.

Users of the network were told to call the NMCI help desk at 117 if they got a blue screen when rebooting their computers.

CNET News reported that the worm had morphed into at least 11 variants by the end of the week and continued to attack vulnerable systems, exploiting a security hole in the plug-and-play feature in Microsoft’s Windows 2000 operating system. Microsoft announced a fix for the bug on Aug. 9, citing the danger to systems as “critical.”

But many network systems had not installed the patch when the worms started their work five days later, CNET reported.

Microsoft issued a statement alerting its customers of a no-cost “cleaner tool” to remove the Zotob worm at: www.microsoft.com/malwareremove.

“We are not aware at this time of a new attack,” the company stated. “Our analysis has revealed that the reported worms are variants of the existing worm called Zotob.”

The company stated Zotob “has thus far had a low rate of infection compared to other network worms.”

“Zotob only targets Windows 2000,” the company stated. “Customers who have upgraded to Windows XP — as well as customers who have applied the MS05-039 security update to Windows 2000 — are not impacted by this attack.”

Sign Up for Daily Headlines

Sign-up to receive a daily email of today’s top military news stories from Stars and Stripes and top news outlets from around the world.

Sign up