Worm Attack Effects 'under Control'

The aftershocks of the latest worm to attack the internet continue to be felt around the world this morning, although security experts say that the problem is largely under control.

The SQL Slammer worm, which is also known as Sapphire, crippled tens of thousands of computers worldwide. It also congested the network for countless others, and disabled Bank of America cash machines.

Some experts expressed concern that lingering infections could appear as businesses reopen this morning. The FBI have said that the attack's origin is still unknown.

Slammer exploited a known security hole in Microsoft's SQL Server 2000 software. The hole was discovered in July, and the attack could have been stopped by software update patches introducing extra code. Microsoft first spotted the problem at 1.30pm GMT on Friday as the worm attack created a surge in global internet traffic.

As the worm infected one computer, it was programmed to seek other victims by sending out thousands of probes per second, saturating many internet data pipelines.

Unlike most viruses and worms, it spread directly through network connections and did not need email as a carrier. Therefore, only network administrators who run servers, not end users, could do anything to remedy the situation.

SQL Server 2000 is used mostly by businesses and governments, but many users had not updated their software in time to avoid the latest worm. Microsoft has said that most home users are not affected by the worm.

The latest virus-like attack on the internet exposes more than a software flaw: it illustrates that the very strategy typically adopted for security by the managers of computer networks has proven to be inadequate.

Bruce Schneier, chief technology officer at Counterpane Internet Security, said the attack has shown that relying on patches is flawed, "not because it's not effective, but many don't do it".

Howard A Schmidt, cybersecurity adviser to the US president, George Bush, said that the impact of the worm was largely avoidable. "There was a lot that could have been done between July and now," he added.

"We make sure we have air in our tyres and our brakes get checked. We also need to make sure we keep computers up to date."

Two previous major outbreaks, Code Red and Nimda, had also exploited known problems for which patches were available.

But with more than 4,000 new vulnerabilities reported last year, according to the government-funded CERT Coordination Centre at Carnegie Mellon University, system administrators can have trouble keeping up.

Patches also take time to install and could disrupt other systems and applications. Mr Schmidt said that many network managers delay installing patches to fully test them first.

Meanwhile, Wired News has reported that some people could not download the security fix due to the high level of demand, coupled with the heavy internet traffic caused by the worm itself.

Microsoft spokesman Rick Miller said that the company is working with network professionals to develop better tools, including ones to automatically scan systems for known vulnerabilities.

Experts believe security needs to be rethought if future attacks are to be prevented. Favoured approaches range from getting vendors to make better software to paying private companies more money to handle the brunt of the work.

Microsoft executives have said that they want to make security updates automatic, meaning users could grant permission once and then have multiple patches installed over the internet whenever needed. Network managers, however, worry that such automation could inadvertently introduce problems for other applications.

A larger problem is inadequate information on which patches need to be tested and installed first, said Dan Ingevaldson of Internet Security Systems' X-Force research arm.

By Guardian Unlimited © Copyright Guardian Newspapers 2008
Published: 1/27/2003