Weekend Worm Worries

Listening to the online weather forecasters at the SANS Internet Storm Center, it sounds like the latest bunch of security patches from Microsoft may herald another computer worm outbreak similar to the isolated but notable epidemics that sprang from the Zotob worm two months ago.

Specifically, the gloom-and-doom prognostication is about this thing Microsoft innocuously enough calls MS05-051, a security hole present in Windows 2000 systems for which security researchers have already released "proof of concept" code demonstrating how the flaw could be exploited to break into and wreak havoc on vulnerable systems (the problem also is resident in Windows XP and Windows Server 2003 machines, but is far less of a risk in those systems).

The warnings are nearly at the same decibel level we heard prior to the release of Zotob, which emerged less than five days after Microsoft released a patch to fix the problem Zotob was designed to exploit. Zotob led mainly to isolated outbreaks in large corporations like CNN, the New York Times and ABC News, where a single infected machine on the internal network caused every vulnerable system within that area to get hosed.

I say "isolated" because Internet service providers were already filtering out the type of traffic generated by Zotob's attempts to spread itself. The worm led to rather surreal situations, like Wolf Blitzer in his "situation room" showing viewers live footage of CNN computers in a hopeless reboot loop.

But a worm that exploited this latest vulnerability would generate traffic of a completely different kind, traffic that hardly any ISPs filter. As a result, experts say, such a worm could be far more destructive and pervasive than Zotob. SANS is saying something or someone may already be exploiting this flaw, as Internet traffic reports indicate a significant amount of scanning for vulnerable systems is taking place on the Web right now.

SANS is predicting something may happen this weekend, but my hunch is that if a worm does emerge over the weekend, we probably wouldn't hear much about it until early next week, when people come back to work and switch on their Windows 2000 computers, which are mainly used in business environments. Either way, take SANS's advice: if you're behind on patches, don't wait until you see Blitzer talking about another outbreak. Get patched already.

On a side note ... I was away last week, but during my absence it appears News.com honored Security Fix among its Top 100 blogs. Thanks for the recognition, CNET!

By Brian Krebs  |  October 14, 2005; 2:49 PM ET
Categories:  Latest Warnings  

Comments

So, how'd we do this weekend?

Posted by: H. Carvey | October 17, 2005 9:03 AM | Report abuse

These were very interesting reports... I have Windows XP Home and a home computer research/typing business.. I worry lots about virus/worms, etc... I am updated with Norton/Symantec.... but how can I prevent invasion of the "worms"?...I am careful of downloads, maybe not as careful as I should be...like to play if there is ever time...

Posted by: Robert Carter/Sandra Carter | October 17, 2005 10:53 AM | Report abuse

Thank you for the heads up! I immediately went to the update after reading half of your article.

Posted by: Derick Bayersdorfer | October 17, 2005 12:53 PM | Report abuse


Your article about phone viruses really surprised me!

I'd heard of their existence here .. but not to the extent implied in the article.

The logic (MMS and SMS) sounds right: billions of them are being sent/received monthly in Europe. (Reason: much cheaper than calling!!!)

However, there's hardly been anything written concerning the size problem or its existence on such a large scale.

Posted by: Norman Goldberg | October 25, 2005 11:38 AM | Report abuse

It is potentially really bad. Many organizations that have strong IT departments and policies are tightening security down; in fact stopping browsing of all but a select few websites. Please read http://www.us-cert.gov/cas/techalerts/TA05-362A.html and http://isc.sans.org/ for more explanations. Microsoft is trying to downplay the issue, but considering IDSs, firewalls, and antiviruses can potentially miss this, it could prove bigger than the infamous Melissa and Loveletter viruses.

Posted by: Mike | January 3, 2006 5:14 PM | Report abuse


© 2010 The Washington Post Company