Originally published September 4 2005
Worms exploit plug and play vulnerabilities
by Mike Adams, the Health Ranger, NaturalNews Editor
New Analysis: The Zotob outbreak has put a spotlight on ongoing security woes and is forcing IT departments to find better, quicker ways to distribute patches.
A mob of malicious programs knocked down networks across the country last week, using a powerful, remote exploit of the Windows Plug and Play service that appeared just a day after Microsoft issued a patch for the hole Aug. 9.
The fast-closing window to patch vulnerable systems is putting pressure on IT departments everywhere to find better ways to distribute patches.
But some experts warn that worm and bot outbreaks distract attention from a deeper and darker problem: undiscovered or undisclosed vulnerabilities in software running on critical systems.
By late last week, there were 19 worms that exploit the Plug and Play flaw, including new worm families such as Zotob and Dogbot and variants of Rbot, officials for security vendor Sophos plc.
Customer support workers at SBC Communications Inc. also were idled as variants of the recent Zotob and Rbot worms raced through the company's computer network last week, causing Windows 2000 systems to reboot and hampering the ability of staff to assist customers, said spokesperson Wes Warnick in San Antonio.
PointerZotob proves that patch management isn't enough.
Microsoft and others recommend a "defense in depth" approach for customers that includes a desktop firewall, anti-virus software, intrusion detection technology and patch management tools, said Stephen Toulouse, security program manager at Microsoft's Security Response Center, in Redmond, Wash.
A combination of those technologies kept Windows 2000 systems at Principal Financial Group from being hit with Zotob or its cousins, said Corey Null, who works in the information services group at Principal, in Des Moines, Iowa.
"Whatever Microsoft reports is only the tip of the iceberg," said Nand Mulchandani, vice president of business development and founder of Determina Inc., a security vendor based in Redwood City, Calif.
"In most of the [hacking] underground, if somebody finds a vulnerability, they'll use it, not write a worm for it."
All content posted on this site is commentary or opinion and is protected under Free Speech. Truth Publishing LLC takes sole responsibility for all content. Truth Publishing sells no hard products and earns no money from the recommendation of products. NaturalNews.com is presented for educational and commentary purposes only and should not be construed as professional advice from any licensed practitioner. Truth Publishing assumes no responsibility for the use or misuse of this material. For the full terms of usage of this material, visit www.NaturalNews.com/terms.shtml