Network glitch shutters NY Times office

Reporters and editors shut down their computers as the newspaper's network becomes unstable, in a week during which variants of the MSBlast worm and the Sobig virus have run rampant.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
2 min read
The New York Times Co. asked reporters and editors at its newspaper's main office to shut down their PCs for several hours Friday after its computer network became unstable.

The company didn't know what caused the network problems, spokesman Toby Usnik said. He said The New York Times' main office on 43rd St. in New York was the one affected.

"We did ask our employees to shut off their workstations shortly after noon," Usnik said. "But we do plan to get our paper out on time tomorrow."

The New York Times shutdown occurred in a week that saw many companies scramble to deal with a double whammy of a computer virus and a network worm, which nevertheless failed to impact the Internet at large.

The virus--W32/Sobig.F, a new variant of the mass-mailing Sobig virus--took off on Tuesday, swamping many companies' mail servers, including e-mail systems at the Massachusetts Institute of Technology.

The Internet worm--called MSBlast.D, W32.Welchia or W32/Nachi--started compromising computers Monday and has overwhelmed some corporate networks with its aggressive scans for vulnerable hosts. The worm disrupted the ticketing systems of Air Canada and the corporate networks at defense contractor Lockheed Martin.

On Friday, the second stage of an attack by the Sobig.F computer virus fizzled when security researchers and network operators managed to secure 20 servers, from which the virus was scheduled to download new instructions. Security experts had discovered that the tens of thousands of PCs infected this week with the virus were programmed to download additional software that could be used to spy on the computers' owners or launch another wave of spam.

The contact with the 20 servers was supposed to occur at noon PDT and last until 3 p.m. However, security experts were able to locate the servers and warn network operators of the danger. By the noon deadline, all the servers had apparently been isolated from the Internet or secured in some other way.