Antivirus worm chews through Canadian systems

Canadian Press

Toronto — A computer worm designed to eliminate an earlier virus brought computer networks to a standstill Tuesday, swamping them with traffic. Among those affected was Air Canada, which was forced to check passengers in manually across the country.

Vancouver International Airport reported huge delays and long lineups in the international departures terminal as the virus slowed Air Canada's check-in computer system.

Air Canada spokeswoman Laura Cooke said the virus affected the airline's call centre in Toronto and check-in systems across the country.

"It is causing delays in processing customers at airports," she said.

The worm also caused problems for Ontario officials trying to repair the hydro system from last week's blackout.

"The system is under attack from the virus, and we've had more problems with this particular virus this afternoon than any other previous virus in Ontario," said Terry Young, a spokesman for Ontario's Independent Electricity Market Operator.

However, the virus primarily affected administrative computers and not plant operations at any of the province's generating stations, said John Earl, spokesman for Ontario Power Generation.

"None of our operational systems have a computer problem," Mr. Earl said.

Inside the terminal in Vancouver, passengers, some of whom have been stranded since the blackout-related problems of last Thursday, were frustrated.

"It's a nightmare," said one unidentified woman. "The service is so bad; the management was so bad. The system is just a mess, just a mess. I had my luggage delivered to Toronto, I was told on Saturday, so I don't have anything."

The worm targets computers running Windows 2000 and Windows XP that are infected with the blaster worm.

Once it deletes the blaster worm, the computer attempts to download a patch from the Microsoft update site, installs the patch and reboots.

It searches for active computers by sending a signal across the Internet, which results in significant increases in traffic.

Internet security firm Symantec identified over 600,000 computers on Tuesday afternoon that were affected by one of the two worms.

Telus, the country's second-biggest phone company, saw operations for 411 operators temporarily slowed as the worm infected a number of individual computers at the company, while Corus Entertainment's Web site was down until the company was able to clean up its system.

The worm snarled the network at the CBC, slowing the broadcaster's Web site.

Symantec rated the worm a "Level 4" threat, the second-highest, due to reports of severe disruptions on internal networks.

"Despite its original intent, the W32.Welchia.Worm is an insidious worm that is preventing IT administrators from cleaning up after the W32.Blaster.Worm," Vincent Weafer, senior director of Symantec Security Response, said.

"The worm is swamping network systems with traffic and causing denial of service to critical servers within organizations."

It was not known where either of the worms originated.

However, blaster, also known as lovsan because of a note it left on vulnerable computers — "I just want to say LOVE YOU SAN!" — also carried a hidden message to taunt Microsoft's chairman: "billy gates why do you make this possible? Stop making money and fix your software!"

Blaster exploited a flaw in most current versions of Microsoft's Windows operating system for personal computers, laptops and server computers.

Although Microsoft posted a software patch to fix the flaw on July 16, many users failed to download the patch, leaving them vulnerable to the worm, which first started hitting computers around the world on Monday.

The worm caused computers to reboot frequently or disrupted browsing of the Internet.

Last week, blaster forced Maryland's motor vehicle agency to close for the day and kicked Swedish Internet users offline as it spread, its instruction set triggering Windows computers to shut down and restart.

It also packed a second punch: starting at midnight local time Aug. 16, infected computers that had not cleaned up the virus turned into a legion of zombies instructed to repeatedly call up a Microsoft Web site that houses the software patch.

With so much traffic flooding the network, the site would be unreachable and computer users would be unable to access the patch.

However, the worm instructed computers to call up http://windowsupdate.com — an incorrect address for reaching the actual Microsoft Web site that houses the software patch.

Although Microsoft has long redirected those who visited that incorrect address to the real site — http://windowsupdate.microsoft.com — the company disabled the automatic redirection in preparation for the onslaught of infected computers.
