* This message forwarded from area '10TH_AMD' (10TH_AMD)
* Original message dated 15 Aug 03, from Roy J. Tellason
* Forwarded (from: netmail) by Roy J. Tellason using timEd 1.10.y2k.
<...>
Date: Thu, 14 Aug 2003 08:46:52 -0700
From: "NewsScan" <
newsscan@newsscan.com>
Subject: FBI enters investigation of Blaster
The FBI is investigating the origin of the malicious computer program
Blaster (also known as MSBlaster and LoveSan), which has already wormed its
way into more than 250,000 Internet-connected computers running Windows software. Blaster has been infecting computers in organizations of every
kind (e.g, CBS, the Senate, and the Federal Reserve Bank of Atlanta) -- in spite of the fact that computer experts say it's not well-written software.
Dan Ingevaldson of Internet Security Systems Inc. warns: "A better version
of this worm wouldn't crash any machines; it would work correctly every
time, move faster, and delete or steal its victims' files." [*The
Washington Post*, 14 Aug 2003; NewsScan Daily, 14 Aug 2003]
http://www.washingtonpost.com/wp-dyn/articles/A56071-2003Aug13.html
--
Date: Tue, 12 Aug 2003 12:23:22 -0400
From: "Fuzzy Gorilla" <
fuzzygorilla@euroseek.com>
Subject: Re: Software patching gets automated (RISKS-22.84)
In
http://catless.ncl.ac.uk/Risks/22.84.html#subj11.1 Peter Neumann
speculates: "And when it is *fully* automated, think of how wonderful it
will be to have new Trojan horses and security flaws installed
instantaneously, without having to require human intervention.".
Even without Trojan horses and security flaws, it introduces yet another
point of failure into the system, as evidenced by the "Blaster" worm.
According to a New Scientist article "Computer worm attacks software patch server"
http://www.newscientist.com/news/news.jsp?id=ns99994046 :
After infecting a vulnerable computer, the worm is programmed to send a
volley of bogus traffic to Microsoft's software update service,
windowsupdate.com on 16 August. If enough machines are infected this will
overwhelm the site, preventing system administrators from using it to
download the software patches needed prevent other machines being
infected. "It's an extremely devious trick by Blaster's author," says
Graham Cluley, of UK anti-virus company Sophos. "Blaster attempts to knock
Microsoft's windowsupdate.com Web site off the Internet."
Todd Sullivan
... "Ketchup on the male, Gen..." - DannyD
--- Spot 1.3b Unregistered
* Origin: Home of the Amiga Echo (1:3613/1275.12)