Microsoft working with the feds; Virus attacks may be terrorism

WORLD TRIBUNE ^ | 8/21/03 | World Tribune Staff Writer

[Pro-Bush]

Microsoft working with the feds; Virus attacks may be terrorism

Evidence gathered by Microsoft, the FBI, and the Secret Service on the worldwide attacks made against computers running the Windows operating system fits the profile of "terrorist activity."

Industry sources citing Microsoft officials told World Tribune.com that recent attacks against from the "Blaster" worm and its variants, coupled with an email virus called "SoBig-F" show signs of a coordinated attack by an entity wanting to disrupt world commerce. Microsoft is cooperating with both the FBI and the Secret Service and will report their findings in the next few days.

While at present no terrorist organizations have claimed responsibility for these attacks in cyberspace, Microsoft is an obvious target for terrorists as the largest, most recognizable, and most profitable software company in the world.

The Blaster worm exploits a flaw in the Remote Procedure Call (RPC) component used by Microsoft Windows, the operating system installed on an estimated 90 percent of all home and corporate desktop computers worldwide.

A patch was made available free of charge by Microsoft in July 2003, but few home or corporate users downloaded the fix. The Blaster worm seeks out any Internet-enabled Windows computer without the fix, installs malicious code that takes control of the computer, and beings attacking a Microsoft corporate Web site used to distribute software fixes to Windows users. SoBig-F is a rehash of a virus first spread by hackers in January 2003. The "F" strain clogs e-mail systems full of messages with subjects like "Re: Details" and "Re: Wicked screensaver," and then installs a "Trojan horse" program that is used to spit out thousands of copies of the virus from the victims' computers.

Microsoft officials said the company is working proactively to halt the spread of the Blaster and SoBig attacks by encouraging Windows users to regularly update their computers using the free Windows Update feature in Windows 2000, XP, and Server 2003.

Late Wednesday afternoon, Microsoft posted two "critical updates" to Windows Update that fixed flaws in their Internet Explorer Web browser and a collection of common Windows operating system components that would "allow an attacker to compromise a Microsoft Windows-based system and then take a variety of actions, including executing code." Sources inside Microsoft say that up to three more of these critical updates will be released in the next few days to coincide with the Blaster and SoBig-F investigation.

[milan]

You don't want to know how many attacks we had just yesterday, but not one penetration. If folks would just learn to use those features these problems would be nipped early.

I whole heartedly agree.

[martin_fierro]

FREE PC PROTECTION: Spyware removers: Spybot S&D AdAware Bayden Systems Popup Popper: Blocks popup ads well in MSIE MailWasher: Good for pre-screening & bouncing SPAM AVG Anti-Virus Free Edition: Free anti-viral protection Windows Update: At least install the critical ones ZoneAlarm: Excellent Firewall Alternative browsers: Mozilla Opera

[milan]

You are comparing Apples and Pomegranates.

They are both fruits.

[milan]

I didn't know about the free anti-virus...thanks for the links. Ther is one that you missed though; "popup stopper"
Has always worked well for me.

[Doohickey]

Blaster was a self-fulfilling prophesy. I remember when the RPC flaw (which, by the way, had been lying around undetected since 1995) was announced, I knew it would only be a matter of time before an exploit was developed.

If it is such crappy code, why is taking eight years to find these things?

I use Windows and Linux, and find myself needing to patch each about equally as often. I use RHN to do it, since it would be a killer going to the various .org's to download the latest stable build.

Off topic, but why isn't RHN accused of being spyware like Windows Update is? Is Microsoft the only company that could possibly have evil intent?

[Doohickey]

We rolled KB823980 as soon as it was released. We had seven infections out of an installed base of 17,000.

[aruanan]

The other interesting thing is, "Hi, we're used by 90% of all home and corporate desktop computers in the world. We've consistently provided you with all the flaws needed to keep worm and virus makers busy making your lives and businesses hell." How much time and money have been lost worldwide by the richest software company in the world not wanting to use some of that money to produce a non-defective product?

[Pro-Bush]

Microsoft is constantly updating their software. Sure, they enjoy being hacked..Get a clue.

[thinking]

omputer worm virus traced to source in B.C.

Peter Morton, Washington Bureau Chief
National Post, with files from Bloomberg News

Saturday, August 23, 2003
ADVERTISEMENT

WASHINGTON - The FBI and U.S. Homeland Security investigators appeared last night to have largely shut down a computer virus attack that may have originated with a computer in British Columbia.

Worried the so-called "Sobig" worm may have been programmed to attack key computer networks yesterday afternoon, U.S. and Canadian officials managed to shut down 19 of the 20 computers thought to have been targeted.

The latest version of Sobig, called Sobig.F, was apparently disguised as a pornographic picture which, when opened, attached itself to e-mail address books. It would have begun sending millions of junk e-mail, causing havoc on corporate and home computer systems.

Sobig has infected networks of FedEx Corp., Starbucks Corp. and AOL Time Warner Inc., and the states of New Jersey, Pennsylvania and North Carolina. The New York Times Co. said computers at its offices in New York City ''experienced difficulties'' shortly after noon yesterday. The company would not say for certain Sobig was the cause.

Investigators suspect the latest and extremely sophisticated version of Sobig may have been launched unwittingly from a B.C. home computer that had been taken over by the virus.

It was traced through an Internet provider in Phoenix, which, according to reports, is co-operating with police after being served with a grand jury subpoena.

The FBI would not confirm details last night of the investigation, except to say it was doing what was necessary to find out how the virus operates and who sent it. "The FBI will use all the necessary means allowed by law to determine the author of this virus and bring him or her to justice," said Bill Murray, of the FBI's cyber division.

Sources said the person who unleashed the latest version of Sobig used the Phoenix-based Easynews.com account, apparently paid for with a stolen credit card and established minutes before the virus was released on the Internet on Monday.

The account appears to have been established from a computer in British Columbia that belongs to an unwitting home user, whose computer seems to be infected by a previous version of the virus.

U.S. and Canadian law enforcement officials, working with the computer security community yesterday, were successful in shutting down 19 out of the 20 computers that were to deliver further instructions to other Sobig-infected computers.

Sobig.F has become one of the most widespread viruses on record, choking corporate e-mail networks and jamming many home users' inboxes with as many as 100 million e-mails.

It will try to do the same thing every Friday and Sunday until it expires on Sept. 10, Stephen Trilling, senior director at Symantec Security Response, said on a conference call.

pmorton@nationalpost.com
© Copyright 2003 National Post

[PatrioticAmerican]

The feds have a hammer that bashes terrorists, so everything now looks like a nail.

[PatrioticAmerican]

" People should wake up and realize that MSFT is the world's biggest virus petri dish maker."

I guess Linux is perfect?? LOL!!

[garbanzo]

Microsoft gets attacked because their software is full of holes and their security model is crap.

This is the key thing - microsoft has made some seriously bizarre decisions in terms of what types of features people were demanding. Exactly who was demanding that emails be able to run code on your machine?

[PatrioticAmerican]

"Most blue screens happen when windows is booting and it usually gives a decent error message.

Have you ever had a failed boot on Linux or Unix? Try solving those. A blue screen is a welcome crash. Figure out a Unix SCSI boot problem then come complain about a blue screen. Windows is easy."

A perfect point deserving repeat.

[SSN558]

Industry sources citing Microsoft officials told World Tribune.com that recent attacks against from the "Blaster" worm and its variants, coupled with an email virus called "SoBig-F" show signs of a coordinated attack by an entity wanting to disrupt world commerce. Microsoft is cooperating with both the FBI and the Secret Service and will report their findings in the next few days.

Translation: As we all know the computer attacks are being waged by a pimply faced 13 year old, bored with summer vacation. Meanwhile, Bill Gates is getting free software consulting services from the FBI and SS, to patch up his buggy half tested product.

[mikegi]

The idea of having executables attached to email in Outlook and Outlook Express is downright stupid.

When you're done frothing at the mouth, try taking a look at RFC 1521 where the "application" type is a standard mime type. It's no different than attaching a jpg or any other none text data. The problem is that people click on these attachments without checking to see if they viruses.

MS could have cleared much of their vunerability if they didn't want to leave "hooks" in their applications. The "hooks" are their so they can screw over any possible competitors. this is well documented behavior since the DR-DOS, Lotus 1-2-3 days.

Show me the documentation. Do you know about the "app compatibility" flags in win9x to maintain backwards compatibility with ill-behaved applications? Do you know that Win9x has hundreds of little patches in it to cover up bad behavior in applications - like using uninitialized local variables that happen to work on previous versions of Windows.

Have you ever run a kernel debugger on Windows to see where the faults actually occur? Show me a fault that occurs in Windows and not a third party driver. I'm not saying that MSFT produces flawless operating systems, just that some "moron think-they-know-it-all" types blame Microsoft for every problem in the computer world.

[Doohickey]

One is a for-profit corporation that has an installed base to cater to, and the other is not. That's why it smacks of Marxism, though I doubt many open-source developers are.

[Doohickey]

And what was Microsoft's share of the server market in 1988? Approximately?

[Doohickey]

Sobig has infected networks of FedEx Corp., Starbucks Corp. and AOL Time Warner Inc., and the states of New Jersey, Pennsylvania and North Carolina. The New York Times Co. said computers at its offices in New York City ''experienced difficulties'' shortly after noon yesterday.

If you're an out-of-work network specialist, I suspect there will be some job openings at these places. At least, there should be.

[milan]

Exactly who was demanding that emails be able to run code on your machine?

That is the dumbest thing I have ever heard. Which OS do you use? Whatever it is, do you view html emails?