Tuesday, August 16, 2005
Major Disruption by Worm Underscores Need for Patching
On the evening of August 16, 2005, anti-virus firms, news organizations, and computer security firms were reporting that two worms, which exploit a security hole in computers running Windows 2000 and perhaps early versions of Windows XP, were propagating rapidly. One expert indicated the worms have the potential for exponential growth. Last week, BOL reported on the newly released Microsoft security patches, which are designed to fix this security hole and others.
Once a security hole is discovered and made public, it's only a short time before hackers go into overdrive attempting to find machines plagued by the security hole. That's why it is so essential to move quickly to test the security patches as they become available and to implement them after you ensure they will not negatively impact critical systems.
In a warning put out this evening by anti-virus firm TrendMicro, the company said about the worm:
It also has backdoor capabilities, and may execute commands coming from a remote malicious user. This provides remote users virtual control over affected systems, thus compromising system security.
As a form of an anti-debugging technique, this worm also gathers Web sites from RSS feeds, then randomly sends these sites as messages in the IRC channel it is connected to. It does this in order to confuse or mislead anyone who is monitoring the IRC channel from the real IRC commands it issues.
================
Among those reportedly affected are CNN, the New York Times, and ABC, illustrating that it's not just naive home users or small businesses. Patch management can be even more of a challenge for large enterprises. One news story also just reported that at least two Canadian banks were affected. News Story.
