By Bradley Olson, The Baltimore Sun

March 10, 2007,0,6377806.story?coll=bal-technology-headlines

The Rimbot computer virus that led to the shutdown of Anne Arundel County's computer networks this week might have been the first appearance of yet another "variant" of the fast-mutating program, which caused similar disruptions at media outlets across the country this month.

Bill Ryan, the county's information technology officer, said the county was likely among the first to be affected by the virus' "Y" variant, which began garbling Web sites and other documents on the computers of county employees Wednesday.

Symantec -- the Cupertino, Calif.-based company that writes much of the software that protects PC operating systems from malicious viruses -- did not have a remedy for the variant when county officials contacted the firm Wednesday, Ryan and the company said.

"There are thousands of viruses written every day, and someone has to notify [Symantec] about the newer ones," Ryan said. "When we notified them about it, there was no correction for it. Once we got that [the correction] from them Thursday, we began to send it out to our PCs."

A spokesman for Symantec declined to comment on whether the Anne Arundel government computers were the first to be infected. The county pays the company $70,000 annually to prevent virus shutdowns.

Ryan said about 200 out of 2,500 county computers on a nonemergency network were infected, as well as a "much smaller number of 1,500 computers that are used by public safety departments. The remedy -- a computer program that finds and deletes the virus from individual computers -- is expected to be applied to all 4,000 computers by Monday. As of yesterday, about a quarter of those machines had yet to be reconnected to the network, meaning they had no access to shared documents and printers, or to the Internet.

County officials determined Thursday which employees needed to be connected to the network to do their jobs and which could go without, and began implementing Symantec's fix on a priority basis.

Ryan said he thought the county would have to "touch" some computers, meaning some of the county's 20 information technology staffers would need to manually fix the machines. Most would be corrected through Symantec's software, he said.

The Rimbot virus began appearing last year. It is believed to have been designed by an unknown hacker with an apparent grudge against Symantec.

Since then, its variants have continued to bedevil companies by exploiting network vulnerabilities. It has developed a reputation for turning PCs into "zombies" that attack other systems or send out millions of spam e-mails.

County officials still don't know how the virus entered its network. It affected almost every computer differently, Ryan said, causing some to shut down and reboot continually, while other workers reported opening Web sites or documents, only to find computer gibberish.

Rhonda Wardlaw, a county spokeswoman, said there was no disruption in public safety or to any services, although county employees in some offices had to enter handwritten documents into the computer system.

"Most of the essential computers, if not 99 percent, were up and running," she said. "This virus didn't stop the government from continuing. No resident should have even known that our internal computer system was down."

main page ATTRITION feedback