Subj : Risks Digest 22.85
To   : All
From : Todd Sullivan
Date : Sat Aug 16 2003 09:21:56

* This message forwarded from area '10TH_AMD' (10TH_AMD)
* Original message dated 15 Aug 03, from Roy J. Tellason
* Forwarded (from: netmail) by Roy J. Tellason using timEd 1.10.y2k.

<...>

Date: Thu, 14 Aug 2003 08:46:52 -0700
From: "NewsScan"
Subject: FBI enters investigation of Blaster

The FBI is investigating the origin of the malicious computer program Blaster (also known as MSBlaster and LoveSan), which has already wormed its way into more than 250,000 Internet-connected computers running Windows software. Blaster has been infecting computers in organizations of every kind (e.g., CBS, the Senate, and the Federal Reserve Bank of Atlanta) -- in spite of the fact that computer experts say it's not well-written software. Dan Ingevaldson of Internet Security Systems Inc. warns: "A better version of this worm wouldn't crash any machines; it would work correctly every time, move faster, and delete or steal its victims' files." [*The Washington Post*, 14 Aug 2003; NewsScan Daily, 14 Aug 2003]
http://www.washingtonpost.com/wp-dyn/articles/A56071-2003Aug13.html

--

Date: Tue, 12 Aug 2003 12:23:22 -0400
From: "Fuzzy Gorilla"
Subject: Re: Software patching gets automated (RISKS-22.84)

In http://catless.ncl.ac.uk/Risks/22.84.html#subj11.1 Peter Neumann speculates: "And when it is *fully* automated, think of how wonderful it will be to have new Trojan horses and security flaws installed instantaneously, without having to require human intervention."

Even without Trojan horses and security flaws, it introduces yet another point of failure into the system, as evidenced by the "Blaster" worm.

According to a New Scientist article "Computer worm attacks software patch server" http://www.newscientist.com/news/news.jsp?id=ns99994046 :

  After infecting a vulnerable computer, the worm is programmed to send a volley of bogus traffic to Microsoft's software update service, windowsupdate.com on 16 August. If enough machines are infected this will overwhelm the site, preventing system administrators from using it to download the software patches needed to prevent other machines being infected.

  "It's an extremely devious trick by Blaster's author," says Graham Cluley, of UK anti-virus company Sophos. "Blaster attempts to knock Microsoft's windowsupdate.com Web site off the Internet."

Todd Sullivan

... "Ketchup on the male, Gen..." - DannyD
--- Spot 1.3b Unregistered
 * Origin: Home of the Amiga Echo (1:3613/1275.12)