Cyber Security Institute

Friday, August 13, 2004

Happy Anniversary MSBlast

A year ago this week, MSBlast stormed onto the Internet, infecting millions of Windows PCs, disrupting business operations, and sending everyone and his uncle scrambling for the patch they should have deployed weeks before.

MSBlast hit the Net August 11, 2003, just 26 days after Microsoft released a fix for the vulnerability the worm exploited.

Even though users had nearly a month to get ready—and were warned ahead of time by security experts to expect a major attack—MSBlast found plenty of victims.

“MSBlast was definitely a wake-up call,” said Michael Cherry, an analyst with Directions On Microsoft, a research firm that specializes in topics concerning the Redmond, Wash.-based developer.  Oliver Friedrichs, the senior manager of Symantec’s security response teams, agreed with Cherry that MSBlast was a Big Deal, but for a different reason.  “MSBlast was unique in that it targeted both consumer and enterprise computers connected to the Internet, and didn’t need human interaction to infect machines,” said Friedrichs.  “MSBlast continued this real sea change where worms search out vulnerabilities, find one to use to attack, and spread.”

The wake-up call that MSBlast gave everyone is behind a whole host of changes in how enterprises approach security, and what Microsoft itself has put on the front burner.  While some analysts denied that there was a direct correlation between MSBlast and the appearance last week of Windows XP Service Pack 2, a long-touted security upgrade to Microsoft’s flagship OS, Pescatore had no such hesitation.  To stymie this kind of infection vector, enterprises have demanded, and vendors have crafted, technologies that check systems before they’re allowed to access the network.

Posted on 08/13