Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Worms Exploit Plug and Play Vulnerabilities

    By
    Paul F. Roberts
    -
    August 21, 2005
    Share
    Facebook
    Twitter
    Linkedin

      In 2003, the blaster worm infected as many as 10 million computers just three weeks after Microsoft Corp. issued a patch for the hole the worm exploited.

      Today, IT administrators would love to have even a week to patch their systems before a worm appears to exploit a new flaw.

      A mob of malicious programs knocked down networks across the country last week, using a powerful, remote exploit of the Windows Plug and Play service that appeared just a day after Microsoft issued a patch for the hole Aug. 9.

      The fast-closing window to patch vulnerable systems is putting pressure on IT departments everywhere to find better ways to distribute patches.

      But some experts warn that worm and bot outbreaks distract attention from a deeper and darker problem: undiscovered or undisclosed vulnerabilities in software running on critical systems.

      By late last week, there were 19 worms that exploit the Plug and Play flaw, including new worm families such as Zotob and Dogbot and variants of Rbot, officials for security vendor Sophos plc. said.

      /zimages/2/28571.gifRead more here about Zotob and PnP worms slamming 13 DaimlerChrysler plants.

      The flood of malicious programs, coming so soon after the Microsoft patch, made it hard for IT staff members at many companies to patch vulnerable systems in time.

      The worms knocked 13 of DaimlerChrysler AGs U.S. manufacturing plants offline for as long as 50 minutes on Tuesday, idling as many as 50,000 workers, said spokesperson Dave Elshoff in Detroit.

      Customer support workers at SBC Communications Inc. also were idled as variants of the recent Zotob and Rbot worms raced through the companys computer network last week, causing Windows 2000 systems to reboot and hampering the ability of staff to assist customers, said spokesperson Wes Warnick in San Antonio.

      SBC was still evaluating the Microsoft patch when the worms hit, Warnick said.

      “A large enterprise like SBC has to do testing to make sure that those patches are compatible with existing systems,” he said.

      /zimages/2/28571.gifZotob proves that patch management isnt enough. Click here to read more.

      Microsoft and others recommend a “defense in depth” approach for customers that includes a desktop firewall, anti-virus software, intrusion detection technology and patch management tools, said Stephen Toulouse, security program manager at Microsofts Security Response Center, in Redmond, Wash.

      A combination of those technologies kept Windows 2000 systems at Principal Financial Group from being hit with Zotob or its cousins, said Corey Null, who works in the information services group at Principal, in Des Moines, Iowa.

      The company usually requires a lot of time to test patches, but the company makes an exception for high-risk threats such as the Plug and Play flaw, Null said.

      But some experts warn that worm and malicious-code outbreaks can be somewhat of a smoke screen.

      “Whatever Microsoft reports is only the tip of the iceberg,” said Nand Mulchandani, vice president of business development and founder of Determina Inc., a security vendor based in Redwood City, Calif. “In most of the [hacking] underground, if somebody finds a vulnerability, theyll use it, not write a worm for it.”

      Window of vulnerability

      • Aug. 9 Microsoft releases patch for vulnerability in Windows Plug and Play service
      • Aug. 10 Security experts warn of potential for a worm
      • Aug. 11 Exploit code appears
      • Aug. 14 Zotob, a worm and backdoor Trojan, appears
      • Aug. 15 Reports surface of companies and universities hit with the worm; new bots and worms using the Plug and Play hole, such as IRCbot, SDbot and Dogbot
      • Aug. 16 Reports of widespread disruptions caused by the Plug and Play worms at CNN, ABC, The New York Times, SBC and others

      /zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Paul F. Roberts
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×