Plug-and-play bots worming and warring among Windows systems
Robert Lemos, SecurityFocus 2005-08-17

Story continued from Page 1

Several divisions of the New York Times had to deal with the worm on Tuesday, including the newsroom and corporate headquarters, said spokeswoman Catherine Mathis.

"We did experience difficulties yesterday afternoon ... but it didn't affect production," Mathis said.

CNN also had systems affected by the worm.

"We were hit by it," CNN spokeswoman Laurie Goldberg said. "Because we have multiple systems in place, you couldn't tell we were hit on the air--we didn't meet a beat on air."

Disney and its ABC News division were also affected by the worms, CNN reported on Tuesday. A spokesperson from Disney could not immediately be reached for comment.

While the news organizations did not describe how the worms got into their networks, the delay between when the worms started spreading on Sunday and when the companies reported the attacks left some security experts speculating that some variant of the worms hitched a ride on workers' laptops.

"If you have a big enough network, you have to assume sooner or later someone will walk in with an infected laptop," F-Secure's Hyppönen said.

Despite a heightened public profile due to the infection of computers owned by media outlets, security professionals have downgraded their warnings for the worm.

The Internet Storm Center, a group of volunteers that monitor network attacks for the SANS Institute, reduced its threat level for corporate networks from yellow to green late Monday. In addition, Microsoft disputed that the worms were quickly compromising companies.

"We are not aware at this time of a new attack; instead our analysis has revealed that the reported worms are different variations of the existing attack called Zotob," the company said in a statement. "Microsoft has reviewed the situation and continues to rate the issue as a low threat for customers."

The company refused to comment on whether it would place a bounty on those responsible for the worms. Microsoft got its first success in pursuing those who release worms and viruses with the conviction of the author of the Sasser worm last month. Under the company's Anti-virus Reward Program, a $5 million initiative established by Microsoft in November 2003, a $250,000 reward will be given for information leading to the conviction of those responsible for the outbreaks of the Blaster worm, the Sobig virus and the MyDoom virus.

While the self-spreading bots have gained the attention of many network administrators, the more stealthy bots and Trojan horse programs should be a greater worry because they target sensitive information and may not be detected by even current antivirus, said Johannes Ullrich, chief technology officer for the Internet Storm Center.

"The more sophisticated bot software is more of a threat to most companies than the worms, because you don't know if your systems are infected," Ullrich said.

In fact, the latest bot-worm hybrids may be the picture of the future, he said. The next worms will also likely be built on bot software, because the code is readily available and the latest exploits for software problems can be plugged right in.

Lurhq's Stewart agreed, adding that the groups compromising systems to create bot software are less involved with the technology.

"These criminal groups are not changing the code a lot nowadays," Stewart said. "They are more like companies buying a software application--they are looking at open-source bots, and modifying them just enough to build their businesses on them."


Copyright 2010, SecurityFocus