Beware – the MSBlast worm may return

22 Sep 2003

Computer users in businesses and homes across the world have been warned that there may be a sequel to the contentious MSBlast worm that caused havoc throughout August and September.

According to experts, malicious hackers are starting to circulate malicious computer code that exploits recently discovered vulnerabilities in versions of Microsoft’s Windows operating system.

Last week, two providers of security services – Counterpane Internet Security and iDefense – said they had discovered malicious code that exploits a recently discovered flaw in most versions of Microsoft’s Windows operating system.

The huge Windows vulnerability that Microsoft acknowledged on 10 September 2003 provides attackers with all the tools they need to strike enterprises with another worm such as MSBlast. The steps many enterprises took for the recent MSBlast attack — and the fact that the newly discovered “exploit” does not specifically target consumer desktops — will limit the impact of the coming attack. However, unprepared enterprises will get hit just as hard as they were by MSBlast.

Security experts say that malicious hackers and virus writers are already swapping code designed to slip through the new vulnerabilities. IDefense, for example, discovered the code being circulated from Chinese websites and that some computers were already being broken into to exploit the new code.

According to Gartner enterprises should immediately do the following:

*Use internet firewalls to block the most vulnerable Windows ports: User Datagram Protocol ports 135, 137, 138 and 445 and TCP ports 135, 139, 445 and 593.

*Check that Windows services using these ports are not exposed on extranets or DMZs (demilitarized zones).

*Follow Gartner’s long-standing advice to install centrally managed personal firewalls on all laptops and to audit the configurations of these firewalls to ensure that the vulnerable ports are not accepting connections.

*Gartner also recommends that enterprises apply the latest Microsoft security patch to every desktop and server running Windows.

According to Gartner analyst John Pescatore: “Windows has a higher security cost of ownership than other operating systems and you should budget for the cost of installing personal firewalls, monthly patching and continual vulnerability assessment for all Windows PCs and servers. Include these additional security costs whenever you evaluate the cost of alternative platforms. Also, heavily weight the security track record of software vendors and products when you make procurement decisions.”

By John Kennedy