harbormaster
08-12-2003, 05:41 PM
I put this post here so most people would see it.
There is a fast traveling internet worm out there.
you need to go to microsoft's site and update your windows.
http://microsoft.com/security/incident/blast.asp
Here is some info on it.
********************************
A fast-spreading Internet worm detected Monday afternoon is infecting thousands of computers worldwide and is expected to cause headaches for business and home users running the Microsoft Windows operating system.
The worm takes advantage of a vulnerability discovered three weeks ago that affects nearly all recent versions of Windows. Once a computer is infected, the worm installs instructions for attacking the Microsoft Update Web site -- the same site that users are encouraged to go to for downloading patches that would protect their systems from this worm and others. The worm then scans the Internet for other vulnerable computers.
"We're talking on the order of potentially hundreds of thousands of machines hit with this already," said Jeff Havrilla, an Internet security analyst at the CERT Coordination Center (news - web sites), a government-funded security watchdog group at Carnegie Mellon University in Pittsburgh. "The infection rate is still climbing, so this is far from over."
The "Blaster" worm, also known as the "San" worm, instructs infected computers to assault the Microsoft Update servers continuously after 12 a.m., August 16. Such an attack, launched by thousands of computers with high-speed connections, would prevent users from being able to reach the service, experts said. The worm is instructed to continue doing this until December 31, 2003, after which it will attack the update site on the 16th of every month.
Experts said the worm's infection rate likely will peak today.
The worm likely will cause headaches for home Internet users, many of whom run the Windows XP (news - web sites) operating system on their computers. Most computers with XP that get hit by the worm are expected to crash repeatedly, and technology experts said it will be difficult for many users to figure out how to get their PCs running smoothly enough to be able to patch their systems and install anti-virus updates.
The worm's impact could be worsened by the fact that many home users are not well versed in downloading patches and installing firewalls, and are unfamiliar with technology terms, said Alan Paller, director of research at the SANS Institute, a security research and training group in Bethesda, Md.
Windows XP computers ship with an auto-update feature, but most home users never download the patches when prompted, and even fewer keep their anti-virus subscriptions current after the initial three-month subscription that ships with their PC expires, Paller said.
Corporate and home users who update their anti-virus software, install firewalls and download the security patches from Microsoft likely will be protected from the worm.
The attack comes after weeks of warnings from Microsoft, security experts and the Department of Homeland Security that hackers were actively exploiting a Windows flaw to take control of vulnerable systems.
The department in a notice on its Web site said that other versions of the worm could be released in the next several days as hackers wage "copy cat" attacks.
A Microsoft spokesman said the company was aware of the worm and was taking steps to protect the site.
"We're taking some precautions to make sure we can provide as normal an experience for customers at our Windows Update site on August 16th as they experienced today," spokesman Sean Sundwall said.
Alfred Huger, senior director of engineering at Symantec Security Response, said the worm contains two sets of attack instructions, one for computers running Microsoft 2000 and another for Windows XP operating systems. The worm appears to favor Microsoft 2000 computers, an operating system most common in corporate networks. Windows XP, on the other hand, is predominantly installed in home-user PCs.
If a vulnerable system is attacked with the correct code, it will become infected and spread itself to other systems. But vulnerable systems hit with the wrong code will simply crash, Huger said.
"In very short order, we're seeing quite a few corporate production systems going down," he said.
Buried within the code of the worm is a jab at Microsoft founder Bill Gates (news - web sites): "I just want to say Love you San! Billy Gates why do you make this possible? Stop making money and fix your software!!"
Unlike viruses - which depend on user intervention such as opening an e-mail attachment to spread - worms can propagate rapidly to other computers without any action by the user.
In its attack method, the worm resembles "Code Red," which took the Internet by storm in the summer of 2001 and instructed infected machines to attack the White House Web site simultaneously. Federal law enforcement officials, working in tandem with the major Internet service providers, were able to stop the flood of traffic before it could bring down the White House Web servers.
Security experts were able to stop Code Red because it directed its army of computers to attack a particular Internet address. Blaster, however, instructs infected machines to ask for directions to the nearest Microsoft Update Web site, making it much harder to stop, said Dan Ingevaldson, engineering manager of Atlanta-based Internet Security Systems's (ISS) X-Force research and development team.
"If someone writes a more efficient variant of this worm, and there's a very good chance they will, this thing could be with us for a very long time," Symantec's Huger said.
There is a fast traveling internet worm out there.
you need to go to microsoft's site and update your windows.
http://microsoft.com/security/incident/blast.asp
Here is some info on it.
********************************
A fast-spreading Internet worm detected Monday afternoon is infecting thousands of computers worldwide and is expected to cause headaches for business and home users running the Microsoft Windows operating system.
The worm takes advantage of a vulnerability discovered three weeks ago that affects nearly all recent versions of Windows. Once a computer is infected, the worm installs instructions for attacking the Microsoft Update Web site -- the same site that users are encouraged to go to for downloading patches that would protect their systems from this worm and others. The worm then scans the Internet for other vulnerable computers.
"We're talking on the order of potentially hundreds of thousands of machines hit with this already," said Jeff Havrilla, an Internet security analyst at the CERT Coordination Center (news - web sites), a government-funded security watchdog group at Carnegie Mellon University in Pittsburgh. "The infection rate is still climbing, so this is far from over."
The "Blaster" worm, also known as the "San" worm, instructs infected computers to assault the Microsoft Update servers continuously after 12 a.m., August 16. Such an attack, launched by thousands of computers with high-speed connections, would prevent users from being able to reach the service, experts said. The worm is instructed to continue doing this until December 31, 2003, after which it will attack the update site on the 16th of every month.
Experts said the worm's infection rate likely will peak today.
The worm likely will cause headaches for home Internet users, many of whom run the Windows XP (news - web sites) operating system on their computers. Most computers with XP that get hit by the worm are expected to crash repeatedly, and technology experts said it will be difficult for many users to figure out how to get their PCs running smoothly enough to be able to patch their systems and install anti-virus updates.
The worm's impact could be worsened by the fact that many home users are not well versed in downloading patches and installing firewalls, and are unfamiliar with technology terms, said Alan Paller, director of research at the SANS Institute, a security research and training group in Bethesda, Md.
Windows XP computers ship with an auto-update feature, but most home users never download the patches when prompted, and even fewer keep their anti-virus subscriptions current after the initial three-month subscription that ships with their PC expires, Paller said.
Corporate and home users who update their anti-virus software, install firewalls and download the security patches from Microsoft likely will be protected from the worm.
The attack comes after weeks of warnings from Microsoft, security experts and the Department of Homeland Security that hackers were actively exploiting a Windows flaw to take control of vulnerable systems.
The department in a notice on its Web site said that other versions of the worm could be released in the next several days as hackers wage "copy cat" attacks.
A Microsoft spokesman said the company was aware of the worm and was taking steps to protect the site.
"We're taking some precautions to make sure we can provide as normal an experience for customers at our Windows Update site on August 16th as they experienced today," spokesman Sean Sundwall said.
Alfred Huger, senior director of engineering at Symantec Security Response, said the worm contains two sets of attack instructions, one for computers running Microsoft 2000 and another for Windows XP operating systems. The worm appears to favor Microsoft 2000 computers, an operating system most common in corporate networks. Windows XP, on the other hand, is predominantly installed in home-user PCs.
If a vulnerable system is attacked with the correct code, it will become infected and spread itself to other systems. But vulnerable systems hit with the wrong code will simply crash, Huger said.
"In very short order, we're seeing quite a few corporate production systems going down," he said.
Buried within the code of the worm is a jab at Microsoft founder Bill Gates (news - web sites): "I just want to say Love you San! Billy Gates why do you make this possible? Stop making money and fix your software!!"
Unlike viruses - which depend on user intervention such as opening an e-mail attachment to spread - worms can propagate rapidly to other computers without any action by the user.
In its attack method, the worm resembles "Code Red," which took the Internet by storm in the summer of 2001 and instructed infected machines to attack the White House Web site simultaneously. Federal law enforcement officials, working in tandem with the major Internet service providers, were able to stop the flood of traffic before it could bring down the White House Web servers.
Security experts were able to stop Code Red because it directed its army of computers to attack a particular Internet address. Blaster, however, instructs infected machines to ask for directions to the nearest Microsoft Update Web site, making it much harder to stop, said Dan Ingevaldson, engineering manager of Atlanta-based Internet Security Systems's (ISS) X-Force research and development team.
"If someone writes a more efficient variant of this worm, and there's a very good chance they will, this thing could be with us for a very long time," Symantec's Huger said.