As Blaster spreads, patching accelerates

By Lawrence M. Walsh, Managing Editor TechTarget Security Media Group 13 Aug 2003 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Enterprises are accelerating their patching of the RPC-DCOM vulnerability following the rapid spread of a worm exploiting the well-publicized Windows flaw.

Blaster, also known as Lovsan and the RPC worm, started slowly circulating Monday and quickly picked up speed, infecting Windows machines around the world. Symantec's Security Response Team says it has identified more than 167,000 infected hosts that are continuing to attempt to spread the worm.

Microsoft provided a workaround immediately following the vulnerability's discovery three weeks ago. Shutting down ports 135, 139, 445 and 593 blocked systems from infection. Many enterprises were rolling out the patch that corrects the RPC flaw, but the fast-spreading Blaster caught many off guard.

"Enterprises were still on a two week roll out plan, and many enterprises were planning to be halfway rolled out by now," says Eric Schultze, executive director of product research and development at Shavlik Technologies. "Now, they're accelerating plans."

The RPC-DCOM vulnerability primarily affects Windows 2000 and XP, but may also affect Windows NT 4.0 and Windows Server 2003. Schultze says many enterprises are upgrading to Windows 2000 SP3, since Microsoft hasn't tested and doesn't support the patch for SP2.

Home and remote office users were particularly hard hit, since many don't have personal firewalls or install patches. Worst, infected machines brought into corporate environments allowed Blaster to circumvent the workarounds and infect corporate networks.

As of Tuesday night, Symantec and others say Blaster's propagation is slowing, but remains dangerous.

"The patch for the vulnerability is effective, and it's important to apply the patch," says Dee Liebenstein, group product manager for Symantec Security Response. "Just because Blaster is slowing down doesn't mean that the threat is gone. There's a chance for future variants."

For those infected, the CERT Coordination Center has also released steps for recovering from the worm's infection.

Tags: Industry,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Industry Breach forces payroll service provider PayChoice to shut down again SSH key compromise shuts down Apache website Twitter, Facebook hit by denial-of-service attacks Is a partnership certification worth the money? Part III -- security Experts weigh in on spyware's defining moment Presentation: Employee monitoring -- Balancing best practices and privacy Presentation: Security budgets -- Getting what you need Presentation: Understanding business requirements -- A blueprint for digital security Presentation: Staffing security positions -- How to choose the right personnel Organized fraud: Internet hackers conduct coordinated hacking attempts

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary