New internet worm warning

 

The countdown to the next Windows net worm outbreak has begun.

Malicious hackers are starting to circulate computer code that exploits recently found vulnerabilities in some versions of Microsoft's Windows operating system.

The MSBlast worm that struck in August exploited similar vulnerabilities and caused havoc for many net-using firms.

Security experts are urging people to patch their computer systems to avoid the attentions of any web worm written to take advantage of these new loopholes.

 

Sudden strike

The MSBlast or Lovsan worm spread fast by exploiting the way that some versions of Microsoft Windows allow computers to talk to each other across the net.

The vulnerability that it exploited was discovered about 30 days before the first worm appeared.

But viruses that take advantage of new found flaws in the chunk of computer code exploited by MSBlast look set to arrive even sooner.

 

AFFECTED SYSTEMS

Security experts say malicious hackers and virus writers are already swapping computer code designed to slip through the new vulnerabilities.

 

US computer security firm iDefense discovered the code being circulated from Chinese websites. It said some computers were already being broken into using the new exploit code.

"Certainly we'll see new variants in the next few hours or days," said Ken Dunham, a senior iDefense analyst.

He said that attacks similar to MSBlast outbreak could take place soon.

Users with vulnerable computers are being urged to download a patch for the flaws and protect their systems.

 

Turning point

Gerhard Eschelbeck, chief technology officer at security firm Qualys, said the time between the discovery of a bug in software and the moment it was exploited was shrinking all the time.

"Now exploits are available within days of the announcement of the vulnerability," he said.

He said malicious hackers and virus writers tended to concentrate on the most widespread loopholes to ensure any pernicious program they write would spread far and wide.

"MSBlast was a turning point because it was the first automated worm which had an active payload incorporated in it," he said.

Before MSBlast many worms, which travel round the net by themselves, were happy simply to swamp net connections with traffic as they searched for new servers and computers to infect.

By contrast MSBlast contained code that launched an attack on Microsoft's Windows update site on a particular date.

Microsoft was able to dodge that attack but Mr Eschelbeck fears that future worms will cause more disruption.

 

Bug half-life

Qualys has analysed more than 1.5m vulnerability scans of networks to find out how quickly bugs are patched.

Mr Eschelbeck said many vulnerabilities had a "half-life" like radioactive elements and can take a long time to disappear completely from the net.

Typically, he said, 50% of the computers suffering a particular vulnerability are patched every 30 days. This means that loopholes only gradually fade away.

He said new approaches using artificial intelligence to spot threats and improvements in the way that software is written are slowly helping to reduce the number of virus outbreaks.

 

18/09/2003

Bron : BBC World

Archief - Home