Thursday, August 18, 2005

Worm Infection Rates Appear to Be Low


SAN JOSE, Calif. - Malicious hackers unleashed new variants of a computer worm that attacks a vulnerability in Microsoft Corp.'s
Windows 2000 operating system, but infection rates appeared to be relatively low and damage minor Wednesday.

The latest "War of the Worms" stands in contrast to previous outbreaks that brought networks and millions of PCs to a crawl in recent years.

It's a sign, security experts say, that computer users are heeding warnings to quickly install patches as they're released. It also indicates that Microsoft's efforts to batten down the hatches of its ubiquitous software is paying off.

"Customers who have been impacted are feeling pain and we're working with them to make sure they get through the recovery process as soon as possible," said Debby Fry Wilson, director of Microsoft's Security Response Center. "But in terms of the numbers of customers impacted, it is relatively low."


WeddingBands_1d

Beauty.com Home Page

Summer_Reading_125x125

toolsdirect-125x125


Still, administrators of infected computers scrambled Wednesday to clean their machines. In Massachusetts, the worm blocked e-mails and slowed Internet connections at state government offices and caused delays at the Registry of Motor Vehicles. Across the country, San Diego County officials said 12,000 computers needed to be "fixed" after the outbreak.

Boeing Co. computers in St. Louis and Long Beach, Calif., also were hit, said spokesman Robert Jorgensen. Infected machines were isolated and patched, creating an "inconvenience" but not affecting critical operations, he said.

Several media outlets — including The New York Times, CNN and ABC — reported that the worms had invaded their networks. San Diego County was cleaning the bug from 12,000 computers. The worm blocked e-mails and slowed Internet connections in Massachusetts state government and caused delays at the Registry of Motor Vehicles.

Besides sluggish network connections caused by their spread, the worms — Rbot, Zotob and variants — also opened a backdoor that could be used to install additional programs. Some infected PCs also reboot repeatedly without warning.

On Wednesday, four new variants of the worm had been detected by F-Secure Corp. in Finland, bringing the total to 11, said Mikko Hypponen, the company's manager of antivirus research. He said the variations apparently had been programmed to compete with each other — one automated "bot" pushing the worm will remove another from an infected computer.

"We seem to have a botwar on our hands," Hypponen said. "There appears to be three different virus-writing gangs turning out new worms at an alarming rate — as if they would be competing who would build the biggest network of infected machines."

The latest worm targets a vulnerability that was publicly disclosed Aug. 9 by Microsoft, which also released a free fix. The problem involves the "Plug and Play" service that lets users easily install hardware on their PCs.

By Aug. 12, someone had posted code that could be used to build a worm — a piece of malicious software that replicates over networks. By Sunday, the first worm was released into the wild, continuing the trend of hackers increasing the speed with which they develop exploits.


Tees 120x90

Free Shipping on Car Parts and Accessories Orders over $100

Sale_Banner LS_125_125

125x125GaiamSimplicity


From the start, the number of potential victims was limited by the fact that only a vulnerability in Windows 2000 was remotely exploitable. The operating system was never marketed as a consumer product.

The damage was further reduced by the fact that businesses have become more aware of the risks of not maintaining tight security.

"Businesses in general are doing a much better job at putting patches in place," said Martha Stuart, a researcher at the computer security firm Sophos Inc.

At the same time, Microsoft has reworked later versions of Windows to limit a computer's exposure to nasty software from the Internet.

Last summer, the company released a security update to
Windows XP. By default, it recommends switching on automatic updates and installs a firewall that blocks the traffic used by the worm to propagate.

But even if those measures had been turned off, users of the latest Windows operating system were not affected. Microsoft reworked the software to ensure that it was less exposed to remote attacks.

"Compared to earlier versions of Windows, there are a third less vulnerabilities because of the security development work we have done — and half the number of critical vulnerabilities," Wilson said.

Microsoft will further ratchet up security with its next-generation operating system, Windows Vista, which is set for release next year.

Still, few expect the number of attacks to diminish. Running on an estimated 90 percent of PCs, Windows offers malicious programmers the opportunity of wide exposure and the potential of great damage should an attack succeed.

No comments: