MSBlast: the second arrival?
April 30, 2004
The warning comes after several security programmers released source code that makes it easy for an attacker to take control of computers running the Windows operating system. The flaws targeted by the exploit code are two critical vulnerabilities that Microsoft warned about on April 13.
Vincent Weafer, senior director for security company Symantec's security response center, said, "Between now and the end of summer, it's likely we'll see...a Blaster-like event."
Currently, Symantec and the Internet Storm Center, a site that monitors network threats, have both detected automated attacks on computers that have not had the recent security patches applied. An exploit that uses a vulnerability in the private communications transport feature of Microsoft Internet Information Servers has compromised systems at many companies.
While some news reports have theorized that a new worm is on the loose, the data traffic caused by the attacks has not risen to the level typically seen with worms, said Johannes Ullrich, chief technology officer for the Internet Storm Center.
"It's nothing I would call a worm yet, but companies are being hit with the code," he said. "It is not as prevalent as I would have thought by now."
The Internet Storm Center has also found evidence of code that takes advantage of another, more widespread vulnerability. An exploit for that flaw, which lies in the Windows Local Security Authority Subsystem Service (LSASS), has been added to an automated attack agent, AgoBot. AgoBot runs hidden on a compromised computer, giving an intruder full control of the system and the ability to use the PC as a bridgehead in further attacks.
The two flaws threaten different pieces of the computing infrastructure. The first vulnerability puts Web servers that use secure-sockets-layer encryption features at risk. Such servers are common in e-commerce applications, allowing intruders to target high-value computers with the vulnerability. The second flaw affects almost every Windows computer that has not yet been patched, leaving the door open to a worm attack.
Though a worm has not yet been created, the danger from would-be intruders who use the most recent exploit programs is still real, said Ullrich. The center, which tracks attacks and worms by analyzing firewall records, indicated that would-be intruders are scanning companies for vulnerable systems, and when they find such systems, they attack.