Worm attacks free speech

17 Aug 2005

A virus exploiting a new Microsoft vulnerability has disrupted businesses across Europe and the US, including media organisations CNN, Financial Times, ABC and the New York Times. It is not yet clear whether any Irish-owned firms have been affected.

The worm is affecting computers that are not properly patched against Microsoft security holes such as the MS05-039 Plug and Play vulnerability. It works by infecting networks and then targeting each computer – causing them to repeatedly shut down and reboot – preventing users from logging on. It is not immediately obvious which worm has caused the infection as a number of viruses exploit the vulnerability, including Tpbot-A and Dogbot-A, as well as the Zotob, Rbot and Tilebot-F worms but a Microsoft executive reportedly pinned the blame on a destructive new strain of Zotob.

The Financial Times has published a report on its website announcing it was infected by the worm, along with CNN, ABC and the New York Times. According to a CNN report, the news organisation was hit at 5pm on Tuesday in Atlanta and New York. Meanwhile, a spokeswoman for the New York Times said the newsroom and other corporate areas of the newspaper had been affected by a virus but that the problem had been rectified.

Increasingly virus writers are exploiting the new MS05-039 vulnerability that Microsoft issued a patch against last week.

Antivirus house Sophos warned such attacks were not unusual and that organisations with unpatched vulnerabilities could expect to be regular targets for virus writers, hackers and phishers. It also pointed out that more worms would attempt to exploit this particular vulnerability.

“The prime distinguisher of this outbreak is that some of the world’s most trusted media has been hit,” said Graham Cluley, senior technology consultant at Sophos. “In the case of CNN, millions of viewers were able to witness the damaging affects of the worm live on air.”

“These types of attacks are becoming a standard part of the virus writers’ armoury,” continued Cluley. “If you are responsible for network security inside an organisation it’s time to wake up and smell the coffee: you need to patch your systems now against these security holes or not be surprised when hackers and worms blast their way through.” He advised organisations to ensure their antivirus software automatically updates itself, that they have a strong firewall in place and that they have installed the latest Microsoft security patches.

So far, Irish firms seem to have escaped the brunt of the attacks. Conall Lavery, managing director of Irish computer security consultancy Entropy, said none of the firm’s customer base had signalled any problems. “We’d have a couple of hundred sites where we’ve put in content screening and none of them have so far reported problems,” he said. He also expressed surprise that big media names had been affected and did not have the screening systems in place to guard against such attacks.

Some security sources were today pointing the finger of blame at e-workers within the affected firms whose laptops got infected while they were working outside the office and these then spread the worm internally when they re-connected to the network.

“That’s a very hot area at the moment,” said Lavery. “We are spending a lot of time with existing customers trying to tackle that particular problem: the [network] gateway is fairly locked down as this stage but the road warrior and home worker could possibly leave the door open for infection …. So yes, that could definitely have happened here.”

By Brian Skelly