Australia: Zotob hits Amex, Visa

Update: Variants of the Zotob worm caused damage to Visa and American Express' internal networks yesterday, but both companies said their transactional systems were unaffected. However, carmaker Holden had to pay a bigger price.

The Zotob worm, which was discovered last weekend, has been wreaking havoc in the United States this week by exploiting a vulnerability in Windows 2000.

Antivirus firms and Microsoft have been playing down the impact of Zotob in Australia, but reports of the first major casualties have started trickling in.

Sources close to American Express said Wednesday morning delivered a rude shock to many employees -- as soon as they logged in to their network, computers automatically switched off.

"There were a few people who managed to access the network but it was very slow. Internal e-mail alone took between 30 minutes and a few hours to transmit," sources said.

Another source told ZDNet Australia that some PCs were shutting down intermittently numerous times throughout the day. "It was really disruptive -- the network, files, Internet, e-mail ... everything was crippled."

One American Express partner, who requested anonymity, said e-mail messages to the company "took a few hours to get through".

American Express ANZ spokesperson Luisa Megale confirmed the incident. She told ZDNet Australia that the company had "desktop availability issues" on Wednesday morning due to variants of the Zotob worm attacking its internal network.

"We had desktop availability issues yesterday but the patches were deployed very swiftly. It was only those people that had come in very, very early that were impacted. As far as we are aware, we're back up and running," said Megale.

According to Megale, American Express has 3,000 employees but "less than one percent" were affected.

Megale stressed that there was no impact on its transactional network.

Meanwhile, Andrew Woodward, Visa's spokesperson for Australia and New Zealand, told ZDNet Australia that Zotob variants affected 30 computers and "several hundred" in the Asia-Pacific region.

"Our internal system went down at about 5am (Wednesday morning Sydney time) and was up again around lunchtime. It was the Visa administration system, not our transactional network -- no card holder was affected whatsoever," said Woodward.

Microsoft released a patch on August 9 to fix the initial vulnerability. The Microsoft Technical Bulletin MS05-039 stated that a successful exploitation would allow the attacker to "take complete control of the affected system ... install programs; view, change, or delete data; or create new accounts with full user rights."

On Wednesday, Microsoft made available a free software tool to help victims of the worms.

The Windows Malicious Software Removal Tool detects and removes malicious code placed on computers. Microsoft typically releases a new version of the tool every month with its security patches. The tool can be run online through Microsoft's Web site or downloaded from the Microsoft Download Centre.

Cable news station CNN, television network ABC and The New York Times have also fallen prey to Zotob. According to an AAP report, car manufacturer Holden lost $6 million due to the worm when it was forced to shut down its vehicle assembly plant in Adelaide for several hours yesterday.

Holden spokesperson David Ellis said the company would not comment on how the worm penetrated its network but technicians believed there were actually four or five different strains, he told AAP. Production was back to normal but the matter is being investigated, he said.