Thursday, August 18, 2005

Wave of network worms strikes

The recent spate of about 17 worms that has broken out among media companies and other US corporations since the weekend has infected about 250,000 unpatched Windows 2000 systems in over 175 companies including CNN, ABC News, The Financial Times, The New York Times, Associated Press news agency, Caterpillar, General Electric Co., United Parcel Service Inc., American Express, Visa, DaimlerChrysler, Boeing Co., SBC Communications, Canadian Imperial Bank of Commerce, BMO Financial Group, Bell Canada, Monroe County, San Diego County, Massachusetts Registry of Motor Vehicles and Kraft Foods.

The worms are variants of three families -- "Zotob", "Bozori" and "IRCbot" -- that all exploit a recent Microsoft plug 'n play vulnerability on unpatched Windows 2000 systems. Windows 2000 runs on approximately 48% of business PCs. There has been a quiet spell since the last major network worm last year, and everyone has been predicting a major "blaster category" worm outbreak for some time now. Well, now it has finally happened. There are a number of trends we should observe from this recent outbreak:

First, analysts have warned that the attacks show hackers have gained a dangerous advantage in speed in the battle over network security. A few years ago, it would have taken several weeks or months -- not days -- for a virus to be released to exploit flaws in Windows. This sets up a race between technology managers who must update their systems to fix vulnerabilities and virus writers aiming to exploit holes before they are patched. After Microsoft issued patches for the vulnerability, network managers simply did not have the time to protect themselves from the worms that appeared soon thereafter. The importance of "just in time patching" will soon start sinking in. See Virus writers moving faster with attacks.

Second, the multiple worms are hitting individual organizations rather than computer users at large. These worms are not having an impact on the Internet, but they do have a substantial effect on organizations running Windows 2000 without last week's Microsoft patch installed. The pain is being felt "on the inside", since the number of potential victims was limited by the fact that the operating system was never marketed as a consumer product. According to analysts, the infections most likely came from corporate laptops, which would explain why the media companies were hardest hit, as they have huge numbers of mobile laptops. The importance of laptop and mobile security will also start sinking in.

Third, security researchers claim the outbreak is tied to a "botwar" between rival virus writers, which has a financial motive. There appear to be three different virus-writing gangs turning out new worms at an alarming rate, as if they were competing to build the biggest network of infected machines. A botnet of about 5,500 "zombies," or compromised computers, typically costs spammers, phishers or other crooks about $350 a week. See Watch out for the worm wars and Bot battle brewing.

Lastly, we will see a LOT more variants of Zotob and the IRCbots because of the success of this initial outbreak. We can also expect to see other threats incorporate the exploit.