Experts Warn of New Worm Threat
By Brian Krebs
Microsoft Corp. is warning consumers that it discovered new security holes
in its Windows operating system that could be exploited by an Internet worm
similar to the "Blaster" worm that infected more than a half-million
computers last month.
Security experts cautioned that a new worm could emerge within several
hours or days, and could be far more damaging than Blaster.
"We got really lucky that Blaster didn't try to delete files or render
computers otherwise unusable," said Vimal Solanki, senior product marketing
manager for Santa Clara, Calif., anti-virus software designer Network
Associates. "It's really up to your imagination what hackers could do with
Microsoft urged consumers to immediately download and install free software
from its Web site to patch the vulnerabilities. The Department of Homeland
Security also issued an advisory about the security holes.
The problems reside in services deeply woven into the fabric of the Windows
operating system that allow users to communicate across Microsoft networks.
Microsoft labeled both flaws "critical," meaning they could be easily
exploited by an Internet worm, a program that spreads rapidly across the
Internet without any action on the part of the user.
"We're urging all Microsoft users to patch their systems as soon as
possible, because -- whether or not we do see a worm that takes advantage of
this -- hackers could still use the vulnerability to execute whatever
programs they wanted to on a user's machine," said Stephen Toulouse, a
program manager at Microsoft's security response center.
Alfred Huger, senior director of engineering at Symantec Security Response,
said his company has observed several exploits already in circulation within
online hacker channels. Huger said Cupertino Calif.-based Symantec's own
security researchers figured out how to alter the Blaster exploit for use
against the most recent security hole.
"It certainly would not be a great leap forward to modify Blaster to fit
this current problem," Huger said. "With this new security hole, we're
looking at the exact same situation [as with Blaster], except that far fewer
people are currently patched against it."
"This is pretty much identical to the issue that spawned the Blaster worm,"
said Art Manion, an Internet security analyst with the CERT Coordination
Center, a government-funded security watchdog group at Carnegie Mellon
University in Pittsburgh.
Microsoft on July 16 advised users to patch their computers to prevent
worms like Blaster. One week later, computer code to exploit the security
hole was posted online. Less than two weeks after that, the first of several
Blaster worms hit the Internet.
Dan Ingevaldson, engineering manager for Atlanta-based Internet Security
Systems's X-Force research development group, said the window of opportunity
for users to patch their systems would likely be far shorter this time
because hackers already know how the vulnerable service interacts with the
Windows operating system.
"It's not going to take a real genius to cobble together a new attack,"
Many large Internet service providers have installed filters to block
Blaster-like Web traffic, which could lessen the damage caused by a new
worm, said Manion of CERT.
© 2003 The Washington Post Company