Thousands of Israeli PCs Hit by Virus

Thousands of Israelis fell victim to a new Web-based computer virus early yesterday, flooding Internet service providers with panicked phone calls and urgent requests for help.

The computers had been affected by an Internet worm that takes advantage of a recently discovered, widespread security hole in Microsoft's Windows software.

The virus first emerged in the United States on Monday, crashing systems and spreading to vulnerable computers, security experts said.

The worm, dubbed LoveSan, Blaster, or MSBlaster, exploits a vulnerability in the Distributed Component Object service hosted by a Remote Procedure Call feature in Windows 2000 and Windows XP that, among other activities, allows computers to share files.

Once it gets to a vulnerable computer, the program downloads code from a previously infected machine that enables it to propagate itself. Then it scans the Internet for other vulnerable machines and attacks them, said Johannes Ullrich, chief technology officer at the Internet Storm Center at the SANS Institute. In some cases, the worm crashes the victim machine but does not infect it, he said.

The virus is spreading rapidly and has infected several thousand machines, Ullrich said.

Israeli Internet service providers (ISPs) said yesterday they would assist any of their users hit by the worm virus.

Last month, Microsoft warned about the vulnerability, which experts said was one of the worst to hit a software program in years due to the large number of Windows systems affected.

The U.S. government issued a warning about the security flaw, and then released an additional advisory warning after thousands of machines began scanning the Internet looking for vulnerable computers. After that, experts said it was only a matter of time before a worm would appear.

In January, a worm dubbed Slammer that exploited a hole in Microsoft's SQL database software brought automatic teller machines in the United States to a standstill, paralyzed corporate networks worldwide, and nearly shut down Web access to South Korea.