Virus attacks

Oct 20, 2003

What a month. A rundown of the human frailty, spam and the dangerous Microsoft Windows vulnerability that combined to produce four major Internet worm attacks in August.

The four attacks:

* W32.Mimail, a mass e-mailed worm, looks like a system administrator’s message.

* The W32.Blaster Internet worm exploits a flaw in Windows’ implementation of the remote procedure call (RPC) protocol and spreads worldwide in a matter of hours, infecting hundreds of thousands of Windows machines.

* Others emerge that exploit the same vulnerability as Blaster, including W32.Welchia, which disrupts networks while PC users try to patch the RPC vulnerability.

* A new version of the Sobig worm, W32.Sobig.F, bombards e-mail accounts worldwide.

Experts agree that these worms are so effective because they spread rapidly via e-mail, they attack Windows, and they are relatively easy to assemble. The only consensus about prevention is on how much work it takes: for Microsoft, antivirus vendors and user companies.

CIO John Halamka of CareGroup and Beth Israel Deaconess Medical Center says a combination of firewall, network intrusion detection systems, anti-virus software and patches worked to keep his facilities worm-free during the outbreak. Halamka’s IT staff held what he called an “all nightmare-athon” patching session in late July for the hospital’s 130 Windows servers. Worm-free, yes. Cost-free, no.