Merry Andrew wrote: First shots fired yesterday. Many large-scale businesses as well as media news reporting stations were affected in the US. It's all Bill Gates' fault. He let it slip that there's a chink in the Windows 2000 firewall. It was bound to be exploited immediately.
Not exactly. First, there is no Windows 2000 Firewall. The current round of worms exploits a vulnerability found only in Win2K's "Plug and Play" service, a "feature" which expedites discovery, installation, and configuration of compliant peripherals.
Next, the "flaw" had been discovered in late July by independent security solutions firms (as is generally the case), and details were provided to Microsoft, which then developed a counter to the flaw, announcing on August 9 the reason for and availability of the relevant update and categorizing it as "Critical". The first worm variants configured to exploit the flaw in unpatched machines began circulating late on the night of Aug 12/13. As frequently happens in such instances, a sort of race broke out among would-be evildoers; by Aug 15 there were many variants of the worm, perhaps as many as two dozen, several of which "competed" with their compatriots, disabling the rival version if found and installing themselves.
A major infection vector was laptop users who took unpatched machines home, away from their otherwise relatively secure, protected corporate network, used the machines overnight on what amount to comparatively insecure personal web connections, then the next day connected the infected machines to the corporate network, thus "backdooring" the infection into a corporate network which otherwise would have remained unaffected.
Despite the publicity this latest caper gained by virtue of its having impacted the unpatched systems of several major media outlets, the spread of the worm variants actually was relatively minor, inhibited chiefly by the twin facts that it targeted Win2K, primarily a commercial operating system not intended for general home use, and that IT departments are paying more attention to proper update and security procedures. The exploit affected only unpatched machines, and did not come into wide distribution for nearly a week following announcement of the availability of the "Critical Update".
The fault is not Microsoft's; there are legions of miscreants out there, ranging from sophisticated, ingenious, resourceful, outright malicious hackers to clueless script kiddies, constantly looking for ways to inconvenience computer users. Newsgroups and IRC channels devoted to the pastime abound. Independent security and privacy firms, and Microsoft, constantly monitor these venues, trying to stay abreast of the "state of the art" from the hacker's point of view. Security and privacy forums and newsgroups had been discussing the potential exploit at least as early as Aug 5th, which is when and how I learned of it (the immediate workaround, pending availability of a patch, was simply to disable the Plug and Play service on Win2K machines).
Rarely do the hackers and script kiddies come up with an attack method for which there is not already a preventive patch or update available. Security Bulletins and Update Notices are put out for a reason. Folks ignore them, or put off implementing them, at their own peril.
Of course, for some folks it's easier to blame Microsoft than to observe and practice proper computer and networking measures. Personally, I have no compunction about taking money from such folks in return for rescuing them from their own carelessness.