Fixing The Worm's DamageFixing The Worm's Damage

NEW YORK (AP)--Technicians began repairing the damage Wednesday from a worm that disabled computers around the world and sent businesses scrambling to update their software to prevent new attacks.

The virus-like worm, dubbed "LovSan" or "blaster," attacked Microsoft operating systems with an inundation of data packets early this week, triggering computers running Windows to shut down and restart.

The attack forced Maryland's motor vehicle agency to close for the day and kicked Swedish Internet users offline as it spread.

Security experts said the world was lucky this time because LovSan is comparatively mild and doesn't destroy files. They worry that a subsequent attack exploiting the same flaw--one of the most severe to afflict Windows--could be much more damaging.

"We think we're going to be dealing with it for quite some time," said Dan Ingevaldson, engineering manager at Internet Security Systems in Atlanta.

Although LovSan did not appear to do any permanent damage, Ingevaldson said instructions to do just that could easily be written into a worm that propagates in the same way.

The latest infection got its name from a note it leaves on infected computers: "I just want to say LOVE YOU SAN!" Researchers also discovered a hidden message that faults Microsoft chairman Bill Gates for not fixing a flaw in Windows system that allows the type of attack.

The attack was preventable for many systems. On July 16, Microsoft posted on its Web site a free patch that prevents LovSan and similar infections. The underlying flaw affects nearly all versions of the software giant's flagship Windows operating system.

Notwithstanding high-profile alerts issued by Microsoft and the Department of Homeland Security, many businesses did not install the patches and scrambled Tuesday to shore up their computers.

"You're looking at 70 new vulnerabilities every week," said Sharon Ruckman, senior director at the research lab for anti-virus vendor Symantec Corp. "It's more than a full-time job trying to make sure you are up to date."

Microsoft spokesman Sean Sundwall acknowledged that the blame does not really lie with customers.

"Ultimately, it's a flaw in our software," he said.

Non-Microsoft systems were not vulnerable, though some may have had trouble connecting with Web sites, e-mail and other servers that run on Windows.

The worm exploits a flaw in Windows used to share data files across computer networks. It was first reported in the United States on Monday and spread across the globe as businesses opened Tuesday and workers logged on.

Additional U.S. computers were hit Tuesday, and Maryland's Motor Vehicle Administration shut all its offices at noon.

"There's no telephone service right now. There's no online service right now. There's no kiosk or express office service," spokeswoman Cheron Wicker said. "We are currently working on a fix and expect to be operational again in the morning."

In Sweden, Internet provider TeliaSonera said about 20,000 of its customers were affected after the infection clogged 40 servers that handled Internet traffic.

Among companies affected in Germany was automaker BMW, said spokesman Eckhard Vannieck. He said the problems did not affect production.

The worm also affected networks in China, but the damage apparently was not serious.

The Ruixing Computer Company, a Beijing-based antivirus company, said it received more than 1,000 phone calls from computer users--mostly businesses--asking for help, the official Xinhua News Agency reported.

China has the world's second-biggest online population, with 68 million users, according to government statistics released last month. The United States has more than 165 million.