TECH-security pros knew a worm was coming, once Microsoft announced in July a serious security vulnerability in the most-current versions of its Windows operating system. The worm arrived last week in the form of Blaster, or LoveSan, a virus that infected more than a million systems and clogged corporate networks.
Now they know what’s likely to come next: new attacks and variants that use the Blaster worm’s approach and create more-destructive strains.
“I’m now more concerned about the children of Blaster,” says Alfred Huger, senior director of engineering at security software maker Symantec Corp.
Blaster followed what’s become a common pattern: a virus author builds a worm to exploit a known flaw, and it succeeds because many people never install the patch to eliminate the vulnerability. The worm targeted at-risk Windows operating systems used by both home users and businesses.
McAfee Security estimates 1.4 million systems were infected last week, but that tally may go much higher, especially if variants succeed. Millions of computer systems are likely to remain unpatched, says Dan Ingevaldson, engineering manager for the security research group X-Force at Internet Security Systems Inc. By late last week, variants of the worm, ranging from changes in its name to minor tweaks in its code, began to surface. “All it takes is someone to grab the code and tweak it to make it better, faster, and much more destructive,” Ingevaldson says.
He says a more dangerous version would spread faster, not crash infected systems, and contain means to steal or destroy data: “It doesn’t take much to make these worms more destructive.”
New worm patches Windows
A new computer worm is spreading worldwide through a security hole in Windows — also used by last week’s Blaster worm — but then patching the hole instead of crashing the system like Blaster does, security experts said last week.
The new worm, dubbed “Welchia” or “Nachi,” is similar to Blaster, but it purports to patch the hole Blaster exploited to enter into computers in the first place and tries to clean up after Blaster if the computer is infected with it.
On English, Korean and Chinese versions of the Windows operating systems, Welchia downloads the patch to fix the computer. Welchia apparently does not do that on other versions of Windows, said Joe Hartmann, director of North American anti-virus research at Tokyo-based Trend Micro.
In some instances, Welchia tries to clean up after Blaster if the computer has been infected with that worm. Then Welchia spreads to other systems that have the vulnerability, said Kuo.
Welchia, which is programmed to delete itself in 2004, is spreading widely in Asia, particularly in Japan, according to Hartmann.
The worm is creating more network traffic, and thus a slowdown, for many corporations as it checks for other vulnerable computers to spread to and because it instructs numerous computers in a network to try to download the patch simultaneously, they said.
SCO unveils SCOx
In spite of the legal circus engulfing The SCO Group, and lingering concerns about the Unix company’s future, top executives took the opportunity at the company’s annual partner conference in Las Vegas to outline SCO’s new internet and web services offerings and assert its intent to stay in business.
At SCO Forum 2003, SCO announced the delivery of a key component of its SCOx web services initiative, SCOx WebFace Solution Suite 4.0, as well as the SCOsms Web Services API and SCObiz Web Services APIs.
The enhanced suite and new APIs, designed to enable partners and customers to migrate legacy Unix applications to a services-oriented architecture, consists of the WebFace Browser Application Platform and WebFace Studio development platform.
MS updates Business Portal
Microsoft Business Portal gets an update this week with promised new human resource and key performance measurement capabilities.
Release 1.2 of the portal, which initially shipped in April, adds a promised Human Resource Management (HRM) Self-Service Suite and a Key Performance Indicators (KPI) module.
HRM Self-Service Suite includes modules for Employee Profile, Employee Pay, Time and Attendance, Recruitment, and Skills and Training. The update is just Microsoft’s latest incremental foray into business applications. — Dawn ScienceDotcom Report