Page 3

By Ryan Naraine  |  Posted 2005-08-26 Print this article Print

"Were literally in a meeting going over our plans, keeping track of things, when we got word on Tuesday that CNN was reporting they had been hit. At the time, we knew a high-profile target was reporting they had been hit and they didnt know what it was. Their computers were shutting down and restarting," Toulouse recalled.

Microsoft would use the mainstream media interest to its advantage. The MSRC got in touch with CNN officials to discuss the attack and help contain the threat, but the television network would offer more value.

"We invited them to the Situation Room, and we let them help us get the word out. This attack against CNN was not a new attack. It was the same thing we were seeing since Sunday, but it became a major story because some big media companies got infected.

"At this stage, there are two things we want people to know. This affects Windows 2000 only, and the available patch provides protection. We also want them to know were working to help those who were impacted."

By this time, there were about a dozen Zotob mutants and evidence of rival virus writers deleting each others malware. The MSRC made the decision to ship an out-of-cycle update of the malicious software removal tool to offer detection and disinfection.

Click here to read more about Microsofts Zotob worm remover. The utility is normally updated only on the second Tuesday of every month, but with Zotob squirming and the mainstream media reporting a major outbreak, Microsoft wanted customers to find immediate help.

"In the Situation Room, everything is happening simultaneously. While we were providing updates to our incident page, we were working on getting that information to the malware removal tool. We werent seeing, from our end, a massive sudden change in situation. It was the same low level of impact but with new variants and some different customers were being impacted," Toulouse said.

For insights on security coverage around the Web, check out Security Center Editor Larry Seltzers Weblog. Once the malware remover shipped, all the guidance pages needed to be updated to reflect the fact that it was available and to point customers to the download location. The plan was to add the tool to Automatic Updates as part of the September patch cycle.

"At the moment, were still mobilized, but things have settled down," he said. "Were continuing to investigate the variants. As we see new variants, well add detections in the tool and make that available broadly on the next patch day."

Check out eWEEK.coms for Microsoft and Windows news, views and analysis.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel