Cymbal Man Freq.
August 18th 05, 05:45 PM
Malicious hackers modify computer worm, release new versions
Matthew Fordahl, Associated Press
August 18, 2005
SAN JOSE, Calif. — Malicious hackers unleashed new variants of a computer worm
that attacks a vulnerability in Microsoft Corp.'s Windows 2000 operating system,
but infection rates appeared to be relatively low and damage minor Wednesday.
The latest "War of the Worms'' stands in contrast to previous outbreaks that
brought networks and millions of PCs to a crawl in recent years.
It's a sign, security experts say, that computer users are heeding warnings to
quickly install patches as they're released. It also indicates that Microsoft's
efforts to batten down the hatches of its ubiquitous software is paying off.
"Customers who have been impacted are feeling pain and we're working with them
to make sure they get through the recovery process as soon as possible,'' said
Debby Fry Wilson, director of Microsoft's Security Response Center. "But in
terms of the numbers of customers impacted, it is relatively low.''
Still, administrators of infected computers scrambled Wednesday to clean their
machines. In Massachusetts, the worm blocked e-mails and slowed Internet
connections at state government offices and caused delays at the Registry of
Motor Vehicles. Across the country, San Diego County officials said 12,000
computers needed to be "fixed'' after the outbreak.
Boeing Co. computers in St. Louis and Long Beach, Calif., also were hit, said
spokesman Robert Jorgensen. Infected machines were isolated and patched,
creating an "inconvenience'' but not affecting critical operations, he said.
Several media outlets — including The New York Times, CNN and ABC — reported
that the worms had invaded their networks. San Diego County was cleaning the bug
from 12,000 computers. The worm blocked e-mails and slowed Internet connections
in Massachusetts state government and caused delays at the Registry of Motor
Vehicles.
Besides sluggish network connections caused by their spread, the worms — Rbot,
Zotob and variants — also opened a backdoor that could be used to install
additional programs. Some infected PCs also reboot repeatedly without warning.
On Wednesday, four new variants of the worm had been detected by F-Secure Corp.
in Finland, bringing the total to 11, said Mikko Hypponen, the company's manager
of antivirus research. He said the variations apparently had been programmed to
compete with each other — one automated "bot'' pushing the worm will remove
another from an infected computer.
"We seem to have a botwar on our hands,'' Hypponen said. "There appears to be
three different virus-writing gangs turning out new worms at an alarming rate —
as if they would be competing who would build the biggest network of infected
machines.''
The latest worm targets a vulnerability that was publicly disclosed Aug. 9 by
Microsoft, which also released a free fix. The problem involves the "Plug and
Play'' service that lets users easily install hardware on their PCs.
By Aug. 12, someone had posted code that could be used to build a worm — a piece
of malicious software that replicates over networks. By Sunday, the first worm
was released into the wild, continuing the trend of hackers increasing the speed
with which they develop exploits.
From the start, the number of potential victims was limited by the fact that
only a vulnerability in Windows 2000 was remotely exploitable. The operating
system was never marketed as a consumer product.
The damage was further reduced by the fact that businesses have become more
aware of the risks of not maintaining tight security.
"Businesses in general are doing a much better job at putting patches in
place,'' said Martha Stuart, a researcher at the computer security firm Sophos
Inc.
At the same time, Microsoft has reworked later versions of Windows to limit a
computer's exposure to nasty software from the Internet.
Last summer, the company released a security update to Windows XP. By default,
it recommends switching on automatic updates and installs a firewall that blocks
the traffic used by the worm to propagate.
But even if those measures had been turned off, users of the latest Windows
operating system were not affected. Microsoft reworked the software to ensure
that it was less exposed to remote attacks.
"Compared to earlier versions of Windows, there are a third less vulnerabilities
because of the security development work we have done — and half the number of
critical vulnerabilities,'' Wilson said.
Microsoft will further ratchet up security with its next-generation operating
system, Windows Vista, which is set for release next year.
Still, few expect the number of attacks to diminish. Running on an estimated 90
percent of PCs, Windows offers malicious programmers the opportunity of wide
exposure and the potential of great damage should an attack succeed.
Matthew Fordahl, Associated Press
August 18, 2005
SAN JOSE, Calif. — Malicious hackers unleashed new variants of a computer worm
that attacks a vulnerability in Microsoft Corp.'s Windows 2000 operating system,
but infection rates appeared to be relatively low and damage minor Wednesday.
The latest "War of the Worms'' stands in contrast to previous outbreaks that
brought networks and millions of PCs to a crawl in recent years.
It's a sign, security experts say, that computer users are heeding warnings to
quickly install patches as they're released. It also indicates that Microsoft's
efforts to batten down the hatches of its ubiquitous software is paying off.
"Customers who have been impacted are feeling pain and we're working with them
to make sure they get through the recovery process as soon as possible,'' said
Debby Fry Wilson, director of Microsoft's Security Response Center. "But in
terms of the numbers of customers impacted, it is relatively low.''
Still, administrators of infected computers scrambled Wednesday to clean their
machines. In Massachusetts, the worm blocked e-mails and slowed Internet
connections at state government offices and caused delays at the Registry of
Motor Vehicles. Across the country, San Diego County officials said 12,000
computers needed to be "fixed'' after the outbreak.
Boeing Co. computers in St. Louis and Long Beach, Calif., also were hit, said
spokesman Robert Jorgensen. Infected machines were isolated and patched,
creating an "inconvenience'' but not affecting critical operations, he said.
Several media outlets — including The New York Times, CNN and ABC — reported
that the worms had invaded their networks. San Diego County was cleaning the bug
from 12,000 computers. The worm blocked e-mails and slowed Internet connections
in Massachusetts state government and caused delays at the Registry of Motor
Vehicles.
Besides sluggish network connections caused by their spread, the worms — Rbot,
Zotob and variants — also opened a backdoor that could be used to install
additional programs. Some infected PCs also reboot repeatedly without warning.
On Wednesday, four new variants of the worm had been detected by F-Secure Corp.
in Finland, bringing the total to 11, said Mikko Hypponen, the company's manager
of antivirus research. He said the variations apparently had been programmed to
compete with each other — one automated "bot'' pushing the worm will remove
another from an infected computer.
"We seem to have a botwar on our hands,'' Hypponen said. "There appears to be
three different virus-writing gangs turning out new worms at an alarming rate —
as if they would be competing who would build the biggest network of infected
machines.''
The latest worm targets a vulnerability that was publicly disclosed Aug. 9 by
Microsoft, which also released a free fix. The problem involves the "Plug and
Play'' service that lets users easily install hardware on their PCs.
By Aug. 12, someone had posted code that could be used to build a worm — a piece
of malicious software that replicates over networks. By Sunday, the first worm
was released into the wild, continuing the trend of hackers increasing the speed
with which they develop exploits.
From the start, the number of potential victims was limited by the fact that
only a vulnerability in Windows 2000 was remotely exploitable. The operating
system was never marketed as a consumer product.
The damage was further reduced by the fact that businesses have become more
aware of the risks of not maintaining tight security.
"Businesses in general are doing a much better job at putting patches in
place,'' said Martha Stuart, a researcher at the computer security firm Sophos
Inc.
At the same time, Microsoft has reworked later versions of Windows to limit a
computer's exposure to nasty software from the Internet.
Last summer, the company released a security update to Windows XP. By default,
it recommends switching on automatic updates and installs a firewall that blocks
the traffic used by the worm to propagate.
But even if those measures had been turned off, users of the latest Windows
operating system were not affected. Microsoft reworked the software to ensure
that it was less exposed to remote attacks.
"Compared to earlier versions of Windows, there are a third less vulnerabilities
because of the security development work we have done — and half the number of
critical vulnerabilities,'' Wilson said.
Microsoft will further ratchet up security with its next-generation operating
system, Windows Vista, which is set for release next year.
Still, few expect the number of attacks to diminish. Running on an estimated 90
percent of PCs, Windows offers malicious programmers the opportunity of wide
exposure and the potential of great damage should an attack succeed.