
Subscribe to
Computerworld
or
Other Security Stories
August 25, 2003 (Computerworld) -- Users scrambling to fend off a continuing barrage of malicious attacks last week expressed a growing sense of frustration over software vulnerabilities and the constant need to defend against new and increasingly sophisticated threats.
The attacks disrupted IT services at some large companies and prompted the U.S. Department of Homeland Security to issue an advisory relating to one of them.
"We are just very tired of this," said Eric Beasley, a network administrator at Baker Hill Corp., an application service provider in Carmel, Ind. "But it's unfortunately only a harbinger of what's to come."
For the second straight week, security administrators found themselves battling fires on multiple fronts. First, a variant of the recent Blaster worm, variously called Nachi, Welchia or MSBlast.D, surfaced early last week.
Dubbed by some as a "do-gooder" worm, Nachi was ostensibly created to disinfect and patch systems infected by Blaster. But the huge volume of Internet Control Message Protocol (ICMP) traffic that Nachi generated on corporate networks prompted the DHS to issue a warning about denial-of-service attacks caused by the worm.
The other attack came from W32/Sobig.F, a fast-spreading variant of a previous e-mail-borne virus that by midweek had earned the dubious distinction of being the worst ever in terms of the number of systems infected worldwide.
Security experts attributed the worm's seemingly unprecedented speed and reach to its ability to install on each machine it infects a Simple Mail Transfer Protocol server, which it uses to propagate itself via e-mail, and to the fact that it's spread both by e-mail and by network file-sharing.
The attacks disrupted service at some large companies. On Aug. 20, Jacksonville, Fla.-based CSX Corp., which owns the largest rail network in the eastern U.S., had to halt passenger and freight train servicesincluding the morning commuter trains in metropolitan Washingtonas a result of Blaster. The worm caused "significant slowdowns" to major applications, including dispatching and signal systems, according to a note on the CSX Web site.
Air Canada's reservation and airport check-in systems were similarly affected by Blaster, causing the Saint-Laurent, Quebec-based airline to delay and even cancel some flights on Aug 19.
Even companies not directly affected by last week's attacks felt their ripple effects.
External e-mail service at the MD Anderson Cancer Center at the University of Texas at Houston was slowed by Sobig.F "because of the massive number of pings and infected e-mail attempting to penetrate our perimeter defenses," said Lew Wagner, the center's chief information security officer. At its peak, the center's e-mail server was being hit by "tens of thousands" of such e-mails, he said.
And Baker Hill, which uses a third party to screen e-mail, had to deal with a stream of spoofed messages using the e-mail addresses of Baker Hill employees that were being bounced back by other servers.
On Aug. 19 alone, Dulles, Va.-based America Online Inc.'s automatic e-mail scanning service for its subscribers detected 23.2 million attachments containing the Sobig.F virus, according to a company spokesman. Though the volume didn't disrupt service, Sobig.F was spreading "faster than any e-mail virus we have ever seen," he said.
Then on Aug. 21, users were scrambling yet again to patch systems against two newly discovered vulnerabilities, rated "critical," in Microsoft Corp.'s Internet Explorer software.
The experiences of the past two weeks have left IT managers fuming.
"It would be a great idea if the software industry had to pay attention to [the] product safety and security liability laws that other products have to adhere to," said Dennis Treece, director of corporate security at the Massachusetts Port Authority in Boston.
"As a rule, I don't like Congress messing around with laws governing cyberspace because it's so hard to write good law for such a dynamic field," he said. "But the issue of product liability is static enough as to beg [for] some sort of government intervention."
As threats become more sophisticated, there's a growing need for more automated tools for testing and dealing with them, Wagner said.
|
|
|
Print this Story |
|
Send Us Feedback |
|
E-mail this Story |
|
Digg this Story |
|
Slashdot this Story |
|
|
|
|
|
|
|
|
|
All Zones Application Performance Zone Enterprise-Class Security Zone Enterprise Solutions Zone The File Data Management Zone Grid Computing on Windows Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Storage Virtualization Zone The Data Center Management Zone |
|
|
| ||||||||
| ||||||||
| ||||||||
|



Security Management ZoneSecurity management is the process of developing a comprehensive data protection plan. It takes into account all potential threats, the existing network environment, the future needs of the organization, and lays out a multi-tiered blueprint to integrate the security technology needed to combat these threats. CDW can help keep your network and data secure. Visit the CDW Security Management Zone now See All Zones
|
Fired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT the good, the bad, and the rest of the weird stuff you deal with every day.New baits |

"Security Directions" virtual trade show2008's Code-Red Security Issues for Protecting the EnterpriseWebcasts, white papers, demos, and more. Presented in a unique 3-d environment. Enter our show right now! Click here to enter
|

In SecurityThere's plenty of talk about how to behave during a Customs search of your computer and gear, but Jon Espenschied's got tips for securing your data (and privacy) before you reach the border. Click here to read the latest column by Jon Espenschied |
![]() |
Layered Security Solutions
Although basic network security issues have changed very little over the past decade, the
network security landscape has changed dramatically. Today's IT professionals still have the
primary responsibility of protecting the confidentiality of corporate information, preventing
unauthorized access, and defending the network against attacks. Security experts and analysts agree that a security solution comprised of multiple layers is the best defense against today's increasingly sophisticated attacks.Download this white paper
|
Universal Threat Management - Because Conventional UTM is Not Enough!
This white paper, written by Mark Bouchard of Missing Link Security Services, examines the challenges confronting today's enterprises with respect to managing threats on a network. It also discusses the need for "Universal Threat Management", which is a security solution approach for all physical locations within an enterprise that require threat protection.Download this white paper |
Selecting the Right Threat Management Solution
This short demo will guide you through key considerations for selecting a solution to manage threats on a network. Learn about the popularity of Unified Threat Management (UTM), and how it fits into an overall security solution. Explore critical elements of a network-wide solution for multisite and large network-size deployments and identify the four key features of a threat management solution.View this demo
|
| About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map |
|
CIO The Industry Standard |
