MSBlast epidemic far larger than believed
The latest data comes from the software giant’s ability to track the usage of an online tool that its engineers created to clean systems infected with the worm.
Since the January release of the tool, more than 16 million of the systems that connected to Microsoft’s Windows Update service were found to be infected with MSBlast and were offered a patch and the use of the disinfecting tool, the software giant told CNET News.com.
During the same period, about 8 million systems actually called on Update to patch them and prevent reinfection and used the special tool to remove the worm.
Though Microsoft believes the total number of users infected by the worm is likely closer to the higher tally of 16 million, the 8 million figure may provide a more solid indication of the minimum number of systems hit.
The larger number may include systems counted more than once, as busy computer users declined to deal with the worm immediately or canceled the process once it had begun, only to return to Windows Update later.
Once those systems were disinfected and patched, however, they would not be re-counted.
Microsoft did not track what systems, specifically, used the tool, just that it was used.
Late last year, “we knew we were getting reports from customers saying that they were still seeing symptoms of Blaster,” said Stephen Toulouse, security program manager for Microsoft’s security response center.
“Our Internet service provider partners were seeing a lot of Blaster traffic on their networks as well.”
In fact, the worm hit so hard that the company quickly asked some development teams to stop work on the software giant’s next version of Windows and create an interim update, known as Service Pack 2, to enhance the security of Windows XP.
Moreover, several months of complaints led Microsoft to augment Windows Update with the online tool to detect and clean the MSBlast worm.
The tool has also given Microsoft an invaluable data point to quantify the threat of such Internet worms.
Already, the size of the digital epidemic far exceeds the estimates of researchers who have tracked the worm since it first started spreading, on Aug. 11.
Typically, researchers try to estimate the size of a worm epidemic by collecting data from the records of network devices, such as firewalls and intrusion detection systems.
By aggregating the information from the devices, researchers can count the number of Internet addresses from which a worm, such as MSBlast, is trying to spread.
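The aggregation described above, as an added illustration (not code from the article or from any of the organizations it names): sensor records are merged, sources probing the worm's target port are collected, and distinct addresses are counted once across all sensors. The log format and every address are constructed; the port number 135 (the RPC port MSBlast probed) is not stated in the article and is passed in as a parameter.

```python
import re
from collections import defaultdict

# Constructed sample records in a simple firewall-log style:
# sensor id, timestamp, source IP, destination port. Not real data.
SAMPLE_LOGS = """\
sensor-A 2003-08-12T10:01:03 198.51.100.7 135
sensor-A 2003-08-12T10:01:09 198.51.100.7 135
sensor-A 2003-08-12T10:02:41 203.0.113.55 135
sensor-B 2003-08-12T10:03:12 198.51.100.7 135
sensor-B 2003-08-12T10:04:00 192.0.2.19 135
sensor-B 2003-08-12T10:04:05 192.0.2.19 80
sensor-C 2003-08-12T10:05:30 203.0.113.55 135
sensor-C 2003-08-12T10:06:00 192.0.2.200 4444
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\d+)$")


def parse_logs(text):
    """Yield (sensor, src_ip, dst_port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            sensor, _ts, src, port = m.groups()
            yield sensor, src, int(port)


def estimate_infected(text, worm_port):
    """Return (per-sensor distinct source counts, global distinct count).

    Summing the per-sensor counts overstates the epidemic because one
    scanning host reaches many sensors; the global set counts it once.
    The global figure is still a lower bound: hosts behind one NAT share
    an address, and hosts that never hit a sensor are invisible.
    """
    per_sensor = defaultdict(set)
    for sensor, src, port in parse_logs(text):
        if port == worm_port:          # keep only probes to the worm's port
            per_sensor[sensor].add(src)
    global_sources = set().union(*per_sensor.values()) if per_sensor else set()
    counts = {s: len(ips) for s, ips in per_sensor.items()}
    return counts, len(global_sources)
```

On the constructed sample the per-sensor counts sum to 5, while only 3 distinct sources were actually seen.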
Most Internet security organizations had believed that at most 500,000 systems had been compromised by the self-propagating program.
“I don’t doubt (the new) number,” said Johannes Ullrich, chief technology officer for the Internet Storm Center, which collects firewall logs from thousands of volunteers in order to gauge which digital threats are spreading on the Internet.
Using the voluntarily submitted records, the Internet Storm Center had tallied enough Internet addresses to estimate that between 200,000 and 500,000 computers had been infected by the worm.
Another threat tracker, security company Symantec, has agreements with the owners of some 20,000 network devices to use their records for analysis.
The company crunches the numbers to keep track of threats on the Internet, and though it stopped counting once the MSBlast worm spread to more than 40,000 computers, Symantec estimated that “a couple hundred thousand” systems may have been compromised, said Alfred Huger, senior director of engineering for the company.
“However, I can’t contest it; they have the best insight.”
Windows Update patches the vulnerability that allows MSBlast to spread, but before January, it didn’t remove the worm from an already compromised system.
They seemingly needed time to acclimate to a new reality where a single worm or virus could threaten millions of computers.
http://news.com.com/2100-7349_3-5184439.html?tag=nefd_top
Open-source flaw database opens its doors
The Open Source Vulnerability Database (OSVDB) has launched a free Web site that catalogues security flaws in Internet-related software. It will, say its creators, promote more open collaboration between companies and individuals “and reduce expenses inherent with the development and maintenance of in-house vulnerability databases”. There are various specialist mailing…
U.S. Goals Solicited On Software Security
The federal government should set goals for reducing flaws in computer software that allow attacks by hackers, and other regulations might be necessary to better protect cyberspace, an industry task force said yesterday. Despite rising incidents of worms, viruses and identity fraud that have cost businesses and consumers as much…
One in three firms suffer hacking attempts
One in three of the UK’s biggest companies has suffered hacking attempts on their websites in the last year, a government-sponsored survey has revealed. According to the 2004 Department of Trade and Industry biennial Information Security Breaches Survey, conducted by a consortium led by PricewaterhouseCoopers (PwC), four per cent of…
AT&T intrusion alerting and firewall services help thwart cybersecurity attacks
AT&T has introduced two new security services, AT&T Internet Protect and AT&T Personal Firewall, to give businesses and government agencies worldwide some of the most powerful weapons available to date in their ever-increasing battle against cyber security attacks.