Worms Return Underscores Need to Keep Security Up-to-Date

The worm that attacked the TBS network exploits a Symantec vulnerability patched nearly a year ago.

An old worm made headlines again this week when it infected servers at the Turner Broadcasting Systems network, highlighting the need for IT professionals to ensure their security features are current.

The worm, known as W32/Delbot-N or W32.Rinbot.L, takes advantage of a vulnerability in Symantec software that was previously addressed by the company in May 2006. It spreads through e-mail, scans the network for vulnerabilities and weak passwords and installs itself in the registry exploits system.

Turner Broadcasting System is a division of Time Warner and parent of CNN and CNNMoney.com.

/zimages/4/28571.gifClick here to read more about the vulnerability that put millions of users at risk.

Symantec is urging all its customers to patch their systems if they have not done so already. Despite the press the worm has gotten in recent days, security experts consider the threat the worm poses to actually be minimal—in part because a fix for the vulnerability has been available for some time.

"The fact that a patch has been available for this vulnerability for over six months demonstrates that businesses have yet to get to grips with ensuring that all their IT systems have the latest protection," said Chris Andrew, vice president of security technologies at PatchLink, in Scottsdale, Ariz. "Considering that computer hackers are a continuous threat to businesses, it is quite astonishing that this hole has been left unprotected for so long.

"Once a security patch has been announced by a security vendor—it is like a red flag to a bull. Security hackers now have the opportunity to reverse-engineer the security code that has been published, which enables then to write a computer virus to exploit the hole in the network."

Ron OBrien, a security analyst with Sophos, in Burlington, Mass., said the worm tries to set up botnets from which a denial-of-service attack can be launched. It is not uncommon, he added, for malware writers to target anti-virus software providers like Symantec.

"This is one of those examples," OBrien said.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.