|
| The Financial Times published a message on its
website about the worm to its readers. |
Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centers, have advised
computer users not to panic, but to ensure appropriate defenses are
in place, following media reports that a worm has disrupted
business at CNN, ABC, The Financial Times, and the New York
Times.
The worm is affecting computers which are not properly patched
against Microsoft security holes such as the MS05-039 Plug and Play vulnerability. It is not
immediately obvious which worm has caused the infection as a number
of viruses use the exploit - including W32/Tpbot-A and W32/Dogbot-A, as well as
the Zotob, Rbot and Tilebot-F worms.
Sophos, which has issued protection against all potential
suspects of this outbreak, warns that such attacks are not unusual
and that organizations unpatched against vulnerabilities can expect
to be regular targets for virus writers, hackers and phishers. It
also points out that more worms will attempt to exploit this
particular vulnerability.
"The experts at Sophos are analyzing more and more pieces of
malware which are exploiting this serious security vulnerability in
Microsoft's code," said Graham Cluley, senior
technology consultant at Sophos. "These type of attacks are
becoming a standard part of the virus writers' armory. If you are
responsible for network security inside an organization it's time
to wake up and smell the coffee: you need to patch your systems now
against these security holes or not be surprised when hackers and
worms blast their way through."
The Financial Times has published a report on its website
announcing it was infected by the worm, along with CNN, ABC and the
New York Times. According to a CNN report the news organization was
hit at 5pm on Tuesday in Atlanta and New York. Meanwhile, a
spokeswoman for the New York Times said the newsroom and other
corporate areas of the newspaper had been affected by a virus but
that the problem had been rectified.
"Computer viruses don't discriminate: they will attempt to hit
anyone with an unprotected computer, be they a home user in a back
bedroom or a multinational corporation," said Cluley. "However,
there is no need for panic or hysteria. Everyone should ensure that
their anti-virus software automatically updates itself, that they
have a strong firewall in place, and that they have installed the
latest Microsoft security patches."
"These companies are used to delivering the news, not starring
in the headlines themselves," continued Cluley. "This serves as a
timely reminder to all businesses to treat network security as a
priority."
Viruses, worms and Trojan horses that exploit the latest
Microsoft vulnerability
More and more virus writers are exploiting the new MS05-039
vulnerability that Microsoft issued a patch against last week. The
list of malware which uses the security hole to spread
includes:
How to protect your computers
Home users of Microsoft Windows can visit windowsupdate.microsoft.com to have their systems
scanned for critical Microsoft security vulnerabilities.
Sophos recommends that IT staff responsible for security should
consider subscribing to vulnerability mailing lists such as that
operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.
Sophos advised
customers to patch against the latest security vulnerabilities
in Microsoft's software last week. The patch for the MS05-039 Plug
and Play vulnerability can be found at on Microsoft's website. However, Sophos
recommends that businesses also ensure they are protected against
other vulnerabilities commonly used by worms and hackers such
as:
LSASS (MS04-011) security vulnerability
RPC-DCOM (MS04-012) security
vulnerability
MSSQL (MS02-039) security vulnerability
UPNP (MS01-059) security vulnerability
WebDav (MS03-007) security vulnerability
"The only good thing which might come out of this high profile
worm outbreak is that more people and businesses may wake up to the
importance of properly protecting their systems from viruses and
internet worms," said Cluley. "All companies should take a long
hard look at their networks and ask, 'could that have happened to
us?'"
Sophos continues to recommend that companies protect all tiers
of their organization - their desktops, servers and email gateways
- with automatically updated anti-virus
software to reduce the risk of infection.
Further reading: War of the worms: Malware fights
for control of insecure computers
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.