Weekend Worm Worries
Listening to the online weather forecasters at the SANS Internet Storm Center, it sounds like the latest bunch of security patches from Microsoft may herald another computer worm outbreak similar to the isolated but notable epidemics that sprang from the Zotob worm two months ago.
Specifically, the gloom-and-doom prognostication is about this thing Microsoft innocuously enough calls MS05-051, a security hole present in Windows 2000 systems for which security researchers have already released "proof of concept" code demonstrating how the flaw could be exploited to break into and wreak havoc on vulnerable systems (the problem also is resident in Windows XP and Windows Server 2003 machines, but is far less of a risk in those systems).
The warnings are nearly at the same decibel level we heard prior to the release of Zotob, which emerged less than five days after Microsoft released a patch to fix the problem Zotob was designed to exploit. Zotob led mainly to isolated outbreaks in large corporations like CNN, the New York Times and ABC News, where a single infected machine on the internal network caused every vulnerable system within that area to get hosed.
I say "isolated" because Internet service providers were already filtering out the type of traffic generated by Zotob's attempts to spread itself. The worm led to rather surreal situations, like Wolf Blitzer in his "situation room" showing viewers live footage of CNN computers in a hopeless reboot loop.
But a worm that exploited this latest vulnerability would generate traffic of a completely different kind, traffic that hardly any ISPs filter. As a result, experts say, such a worm could be far more destructive and pervasive than Zotob. SANS is saying something or someone may already be exploiting this flaw, as Internet traffic reports indicate a significant amount of scanning for vulnerable systems is taking place on the Web right now.
SANS is predicting something may happen this weekend, but my hunch is that if a worm does emerge over the weekend, we probably wouldn't hear much about it until early next week, when people come back to work and switch on their Windows 2000 computers, which are mainly used in business environments. Either way, take SANS's advice: if you're behind on patches, don't wait until you see Blitzer talking about another outbreak. Get patched already.
On a side note ... I was away last week, but during my absence it appears News.com honored Security Fix among its Top 100 blogs. Thanks for the recognition, CNET!