Security window of opportunity is closing

By Stuart Finlayson

The latest Internet worm to affect users worldwide has also served to illustrate that the time available to IT managers to apply a patch, between the identification of a security flaw and the launch of a worm that exploits it, is diminishing rapidly.

The Sasser worm, which is named after the Microsoft Windows "Local Security Subsystem Service (LSASS)" vulnerability that it exploits, is expected to reach its peak today when people bring their laptops into work after the weekend, as laptops are not protected by organisations' firewall systems if used on another server, thus exposing networks to infection.

What is notable about this latest attack, other than the fact that it is not spread by email like most other viruses, is that the time between the reporting of the vulnerability by Microsoft and the start of the virus outbreak is a mere 18 days.

"Compared to the Blaster worm (which appeared in August last year) that took 26 days between vulnerability and outbreak, there is an ever-shortening time gap from vulnerability identification to exploitation," according to security software vendor Trend Micro.

The worm spreads by scanning random IP (Internet Protocol) addresses for vulnerable systems. When such a system is found, the malware sends a specially crafted packet to produce a buffer overrun on LSASS.EXE, which causes the program to crash and requires Windows to reboot.

The worm can infect any computer running Windows 95, 98, ME, NT, 2000 or XP.

"Over the last several weeks, Symantec Security Response has monitored a shift in malicious threat propagation," said Alfred Huger, senior director, Symantec Security Response. "During the first several months of the year, most of the threats we tracked spread through email. However, now we are tracking more threats that are exploiting vulnerabilities to spread. Users need to be diligent in patching systems, updating virus definitions and implementing best practice solutions."
