| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 36732 | 2003-08-19 01:42:00 | New MSBlast variant plugs hole | stu140103 (137) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 168576 | 2003-08-19 01:42:00 | From CNET New MSBlast variant plugs hole A variant of MSBlast spread on Monday, but the new worm has an odd twist: It applies a patch for the vulnerability that it and other MSBlast worms use to infect Windows systems . The new worm, dubbed W32 . Welchia, W32/Nachi and Worm_MSBlast . D, appears to properly download the patch for both Windows 2000 and Windows XP from Microsoft's Web site . Moreover, the variant will delete itself the first time an infected computer starts up in 2004 . That doesn't mean that such worms are a good idea, said Joe Hartmann, North American director for antivirus research at security software firm Trend Micro . "This is just a regular worm like anything else," he said . "In the end, they are going to cause more trouble than they help . " Despite the apparent lack of malicious intent, the worm still sends a great deal of unwanted traffic, as it tries to spread to other computers . In addition, if several computers download the patch from Microsoft at the same time, it could slow network performance, Hartmann said . "That's the way we found out about this--when our clients came to us complaining of slow network performance," he said . The original variant ( . com . com/2100-1002-5064590 . html?tag=nl" target="_blank">news . com . com) of the MSBlast worm continued to spread over the weekend and has likely infected more than 570,000 computers, according to security firm Symantec . The company's data measures the number of Internet addresses that show signs of a worm infection . Because Internet addresses don't correspond to single computers, the number is a rough estimate of total infections . Moreover, it is uncertain what fraction of those compromised computers has been cleaned of the infection . Oliver Friedrichs, senior manager for Symantec's security response center, agreed that worms aren't a good way to distribute patches . "I don't necessarily think whenever you infect someone's systems, install software and reboot the computer that that is a good thing," he said . "It still tries to propagate; it is still attacking people over the Internet . " The patching worm doesn't install software on all computers . The latest variant of MSBlast only plugs the security holes on the English, Korean and Chinese versions of Windows XP and Windows 2000 . And it doesn't remove infections that have already compromised a computer . The latest variant of the worm comes three days after Microsoft managed to dodge a denial-of-service attack promised by the original worm . The attack, which would have leveled a flood of data at Microsoft's Windows Update site, was foiled when the software giant deleted the address the worm was targeting . The worm is expected to continue to spread despite the aborted attack . Microsoft also announced on Friday that an e-mail hoax is circulating . The subject line of the e-mail is "updated," and the message appears to contain a critical update to patch systems against the MSBlast worm . In reality, clicking on the attached file will infect the recipient's computer with a Trojan horse program . Antivirus company Sophos dubbed the new program Graybird . Microsoft warned consumers that it never uses e-mail to distribute patches . |
stu140103 (137) | ||
| 1 | |||||