• Risks Digest 22.85

    From Todd Sullivan@1:3613/1275.12 to All on Sat Aug 16 09:21:56 2003
    * This message forwarded from area '10TH_AMD' (10TH_AMD)
    * Original message dated 15 Aug 03, from Roy J. Tellason
    * Forwarded (from: netmail) by Roy J. Tellason using timEd 1.10.y2k.

    <...>

    Date: Thu, 14 Aug 2003 08:46:52 -0700
    From: "NewsScan" <newsscan@newsscan.com>
    Subject: FBI enters investigation of Blaster

    The FBI is investigating the origin of the malicious computer program
    Blaster (also known as MSBlaster and LoveSan), which has already wormed its
    way into more than 250,000 Internet-connected computers running Windows
    software. Blaster has been infecting computers in organizations of every
    kind (e.g., CBS, the Senate, and the Federal Reserve Bank of Atlanta) -- in
    spite of the fact that computer experts say it's not well-written software.
    Dan Ingevaldson of Internet Security Systems Inc. warns: "A better version
    of this worm wouldn't crash any machines; it would work correctly every
    time, move faster, and delete or steal its victims' files." [*The
    Washington Post*, 14 Aug 2003; NewsScan Daily, 14 Aug 2003]
    http://www.washingtonpost.com/wp-dyn/articles/A56071-2003Aug13.html

    --

    Date: Tue, 12 Aug 2003 12:23:22 -0400
    From: "Fuzzy Gorilla" <fuzzygorilla@euroseek.com>
    Subject: Re: Software patching gets automated (RISKS-22.84)

    In http://catless.ncl.ac.uk/Risks/22.84.html#subj11.1 Peter Neumann
    speculates: "And when it is *fully* automated, think of how wonderful it
    will be to have new Trojan horses and security flaws installed
    instantaneously, without having to require human intervention."

    Even without Trojan horses and security flaws, it introduces yet another
    point of failure into the system, as evidenced by the "Blaster" worm.
    According to a New Scientist article "Computer worm attacks software patch
    server" http://www.newscientist.com/news/news.jsp?id=ns99994046 :

    After infecting a vulnerable computer, the worm is programmed to send a
    volley of bogus traffic to Microsoft's software update service,
    windowsupdate.com on 16 August. If enough machines are infected this will
    overwhelm the site, preventing system administrators from using it to
    download the software patches needed to prevent other machines being
    infected. "It's an extremely devious trick by Blaster's author," says
    Graham Cluley, of UK anti-virus company Sophos. "Blaster attempts to knock
    Microsoft's windowsupdate.com Web site off the Internet."

    Todd Sullivan

    ... "Ketchup on the male, Gen..." - DannyD

    --- Spot 1.3b Unregistered
    * Origin: Home of the Amiga Echo (1:3613/1275.12)