New Worm Headed Our Way?
eWeek | September 11, 2003 | Dennis Fisher
Posted on 09/12/2003 10:13:49 AM PDT by FourPeas
Edited on 04/13/2004 2:58:59 AM PDT by Jim Robinson.
Administrators and security specialists hoping for a breather now that Blaster has faded and SoBig.F has expired may be in for a long weekend.
The nature of the new vulnerabilities revealed yesterday in the RPC DCOM implementation in Windows is so similar to the one that Blaster exploits that security experts believe it's only a matter of days, if not hours, before someone releases a worm to attack the new weaknesses. Even though it infected close to a million machines, experts say the Blaster worm was poorly coded and as a result did not do nearly the damage that a more efficient worm could have done. Blaster easily could be modified to work much better, and because the source code for the worm is readily available online, it's likely that someone is already at work on that task.
(Excerpt) Read more at eweek.com ...
TOPICS: Business/Economy; Crime/Corruption; Culture/Society; News/Current Events; Technical
KEYWORDS: computersecurity; hacker; lowqualitycrap; microsoft; rpc; windows; worm
SCADA systems comprise central controllers and sensors and are used to remotely control complex systems such as power grids and water treatment facilities. Hmmmmmmm.
1 posted on 09/12/2003 10:14:57 AM PDT by FourPeas
To: rdb3
Paging Dr. Penguin.
2 posted on 09/12/2003 10:16:51 AM PDT by Salo
To: FourPeas
New Worm Headed Our Way?
Oh, I thought this post is about a French official visiting U.S.
Never mind.
3 posted on 09/12/2003 10:17:05 AM PDT by TopQuark
To: FourPeas
Daily routine for a Windows user.
Fire up system. Check for viruses. Check for virus updates. Check that updates are real updates, not viruses pretending to be updates. Check incoming e-mail for viruses and worms. Check to see if latest update keeps up with latest worms/viruses. Go to lunch. Come back from lunch, check if any new viruses have come out during lunch. Check for updates for latest viruses. Check that updates are actually updates, not viruses pretending to be updates. Double check e-mail from Microsoft warning you about dangers of latest viruses/worms/fake updates. Take headache medication. Double check latest virus/worm updates. Shut down system. Go home. Start again tomorrow.
Daily routine for Mac users. Fire up system. Do work. Go home at end of day.
4 posted on 09/12/2003 10:19:35 AM PDT by Elliott Jackalope
(OS X is my OS. That's why I like computers again.)
To: FourPeas
"Another issue causing concern in the security community is the fact that many of the control systems for utilities such as water plants and nuclear power plants use RPC to link their supervisory control and data acquisition (SCADA) systems to their Internet-connected networks. SCADA systems comprise central controllers and sensors and are used to remotely control complex systems such as power grids and water treatment facilities."
If you are using RPC, you should be behind a corporate firewall or in a VPN. If you are not using RPC, you can be on the internet, but then you should firewall off these ports. This way, there's no need to keep patching. I never bother to patch my MS systems, because I'm both behind NAT and using a software firewall. Yes, there are ways to get through NAT and disable software firewalls, but this keeps out 99.99999% of the problem.
To: proxy_user
Yes, there are ways to get through NAT and disable software firewalls, but this keeps out 99.99999% of the problem.
How long till this new virus is distributed by email and then it's spreading internally? Or a venduh brings in their infected laptop? Or someone accidentally downloads it off the internet. Etc, etc.
Wasn't there a compromise to IE announced a couple of weeks ago? If someone hacked a website and secretly put up that code, which told the viewer to get the virus and run it.
6 posted on 09/12/2003 11:25:28 AM PDT by lelio
To: Elliott Gigantalope
I do my development and work on Linux. I've also done development on Solaris and Windows. At home, I use a Mac because I usually just want to be a user. With OSX, I get the best of both worlds. If I want to write a quick Perl program or run some Unix shell commands, I simply need to open up the terminal window.
To: Elliott Gigantalope
Daily routine for Mac users. Fire up system. Do work. Go home at end of day.
You forgot the part where you write Apple a $129 check every time they roll together enough bugfixes to make a new point release... ;)
8 posted on 09/12/2003 1:35:06 PM PDT by general_re
(SURGEON GENERAL'S WARNING: Quitting Sarcasm Now Greatly Reduces Serious Risks To Your Health.)
To: general_re
I think $129 once a year is quite fair. Better yet, you can update up to five machines for only $199 a year. Not to mention the neat enhancements and features you get with each new major upgrade. Panther is going to be sweeeeet...
9 posted on 09/12/2003 4:56:02 PM PDT by Elliott Jackalope
(We send our kids to Iraq to fight for them, and they send our jobs to India. Now THAT'S gratitude!)
To: FourPeas
Another issue causing concern in the security community is the fact that many of the control systems for utilities such as water plants and nuclear power plants use RPC to link their supervisory control and data acquisition (SCADA) systems to their Internet-connected networks. SCADA systems comprise central controllers and sensors and are used to remotely control complex systems such as power grids and water treatment facilities.
Why in the HELL is anyone using RPC for these functions?
RPC over the Internet = let any script-kiddie mess with your equipment...
10 posted on 09/12/2003 4:59:14 PM PDT by Poohbah
(Hee Haw was supposed to be a television show...not the basis of a political movement...)
To: Elliott Gigantalope
I think $169 every three or four years for a major new version is pretty fair, myself. To each his own ;)
11 posted on 09/12/2003 5:19:29 PM PDT by general_re
(SURGEON GENERAL'S WARNING: Quitting Sarcasm Now Greatly Reduces Serious Risks To Your Health.)