Virus writers take advantage of a flaw in Microsoft’s operating systems
Gillian Shaw
Sun
Security specialists are scrambling to build defences against an attack over the Internet that could shut down networks as virus writers take advantage of a flaw in Microsoft’s operating systems.
At the same time, the Internet is being hit by a separate attack in which Nazi propaganda virus creators in Germany scheduled Jan. 5 — the 87th anniversary of a precursor to the Nazi party — to trigger a long-dormant virus that could already be residing in millions of computers around the world.
The combination could hit the Internet with what is almost the perfect cyber storm today, and while security specialists have been preparing their clients for a possible attack with fixes available to defend against the viruses, Microsoft’s patch for its operating systems won’t be released until next Tuesday.
Gregg Mastoras, a senior security analyst with Sophos, said his company has already seen 200 separate attacks exploiting the Windows vulnerability, and with several days left before Microsoft issues a fix for the problem, security specialists are bracing for even more.
“It absolutely has the potential to wreak a lot of havoc,” said Mastoras. “This is going to be more than likely a very significant week.
“This is one of those storms — I’m not sure if it will be a perfect storm, but it’s like a big wave where you’ll have to brace yourself and hopefully the wave will pass over and you’ll be okay.”
The Windows vulnerability prompted a Threat Condition 3 alert from Symantec, the company’s second-highest alert level, and the highest it has issued in almost two years. The vulnerability in the way Microsoft’s operating systems handle images in the Windows Metafile format means opening a malicious WMF file could trigger hostile code which could spread through websites, HTML e-mail, peer-to-peer file-sharing services, and instant messaging.
“We don’t get to pick and choose when these things hit,” said Dean Turner, senior manager at Symantec’s security response. “Consumers and enterprises have to be prepared for the worst-case scenarios.
“What we are seeing now is not a worst-case scenario, but it is a bad scenario. The Windows vulnerability is definitely critical.
“This is a serious vulnerability, and what makes it more serious is that we still have to wait for an official patch to be released Tuesday.”
Microsoft’s beta version of the patch was inadvertently posted on a website before being taken down, and unofficial patches have been released by people outside of Microsoft. The official, fully tested version is only slated for release on Tuesday, following Microsoft’s regular cycle of releasing patches on the second Tuesday of the month.
Derick Wong, senior security product manager for Microsoft Canada, said that still shrinks the patch process by several weeks and he said staff at the company’s Redmond, Wash., headquarters have been mobilized to work round the clock on a solution.
Microsoft isn’t the only company where security staffers are coming back from Christmas holidays to find a crisis. While the variant of the Sober virus being triggered Wednesday is not new, Randy Fougere, senior director of marketing for Fusepoint said some corporate and individuals computer systems must remain unprotected.
© The Vancouver Sun 2006
