- 10 open source companies to watch
- Mythbuster busts his own tale
- $208 million petascale computer gets green light
- Sony recalls 73,000 Vaio laptops
- Chrome and Firefox and add-ons
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Hackers have posted code that could be used to target Microsoft's Windows operating system in a worm attack.
The code, which was published early Thursday on the Milw0rm Web site, works on the Windows 2000 operating system, according to Oliver Friedrichs, director of emerging technologies with Symantec's Security Response.
It takes advantage of a flaw in the Windows Workstation service, which Windows uses to do such things as file-sharing or printing over the network.
When Microsoft patched this flaw in its monthly batch of security fixes earlier this week, security vendors had warned that this was one of the most critical of the November updates, and could possibly be exploited in a self-replicating worm.
On Thursday, they reiterated this advice, though the odds of a widespread worm may not be great.
"If you run Windows 2000 systems in your environment, this flaw is the most critical one to patch, and even more so now that there's a live working exploit on the Internet," said Marc Maiffret, chief technology officer with eEye Digital Security Inc.
Maiffret said that while the Workstation flaw is "just as easy to exploit" as the flaws used by the Blaster and Zotob worms, the bad guys have realized that they can be more effective by using their malware in low-key, targeted attacks. "Nobody is going to dare to write a worm," he said. "Why would they, when they could target companies and make money off of them?"
"All worms do is create awareness," he added.
There is also a technical factor that may limit the spread of any worm based on this exploit code.
According to Friedrichs, the attack code must also be aware of a legitimate domain controller on the victim's network. "It limits somewhat the exposure of systems on the Internet," he said.
Symantec has not yet seen this malware being used in attacks, Friedrichs said Thursday.
Still, some security vendors think that a worm attack could be in the works. "If we are able to confirm that it does work ... then the possibility of a worm is really high," said Amol Sarwate, Vulnerability Research Lab manager with Qualys. "Once people get it working, it's only a matter of time for people to encapsulate it in worm behavior."
Qualys researchers are studying the exploit code and are still not sure which versions of Windows can be compromised by the attack, he said.
Rss FeedRss Feed
Gartner summarizes its view on Application Delivery Controllers, evaluates strengths and weaknesses...
Vulnerability Management For DummiesDownload this concise book "Vulnerability Management for Dummies," to learn about the simple steps...
The ROI and TCO Benefits of Data Deduplication for Data Protection in the EnterpriseThis paper examines and quantifies the costs and benefits of backup with deduplication storage as...
Life on the edge of your WAN has changed dramatically. With the need to deliver advanced services,...
PoE Plus: Impact on the PoE MarketThe standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Harnessing the power of communications to increase workplace performanceDue to the convergence of IT and telecommunications technologies, the business workplace has been...
We have so many holes punched in our firewalls today that many industry insiders question the value...
The self-managed networkWe aren't there yet, but advances in network and systems management tools are making it possible to...
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment