Warning of new attacks
By Anuja Ravendran
18th August 2003 (Computimes)

INFECTION rates due to the W32.Blaster worm attacks appeared to have slowed down considerably among enterprises across the globe last week, but the danger is not necessarily over yet, experts warned.

As of last Thursday, local organisations reportedly hit included two telecommunications companies, an Internet service provider, an insurance firm, a ministry and a university, according to Trend Micro. Its senior anti-virus consultant Jamz Yaneza said although damage estimates were not as dramatic as those caused by Melissa, Nimda, Code Red or Slammer, the Blaster worm could pose a much longer running problem since there seem to be more systems vulnerable to attacks.

He added that because of the ongoing, overall accumulation of infected machines, and in anticipation of a second wave of attacks on Microsoft’s Windowsupdate.com Web site, Trend Micro escalated the virus status to red alert last Thursday.

Yaneza warned that falling infection rates did not mean the danger was over because new infections would continue to be a threat to compromised machines in enterprises, small businesses and among home users. "The variants have not been very effective, but their rapid appearance suggests that more will follow - and later versions may well be more efficient or destructive," he said.

For more effective long-term security measures, Yaneza advised enterprises to implement enterprise-wide anti-virus and other security mechanisms that not only fix problems, but can limit the scope of a virus outbreak.

Meanwhile, the National Institute for Security and Emergency Response (Niser) received fewer than 10 reports from organisations and home users infected with the worm as of last Friday afternoon.

Its technical and operations deputy director Raja Azrina Raja Othman said Niser also proactively notified that 450-odd computers within and outside Malaysia were suspected to have been infected with the worm. "Based on sensors on our network, the number of worms scanning the network by infected hosts continues to drop."

However, organisations that have not taken steps to download the patches or protect their networks are experiencing outbreaks of the worm within their network, Raja Azrina said.

She advised organisations to have their vulnerable systems patched as soon as possible.

On the impact of the worm, Raja Azrina said it was not as damaging as other blended attacks with more malicious payloads such as denial-of-service attacks that cause the performance of networks and systems to deteriorate drastically. She added that computers running vulnerable systems would appear to reboot continuously.

Raja Azrina also advised local Internet users to refer to the advisory posted by Niser on the Malaysian Computer Emergency Response Team Web site (http://www.mycert.org.my/advisory/MA-054.082003.html).