ME and Ophelia

Friday, August 15, 2003

Worm outbreak leads to change in XP's default firewall setting

Following extract from report by Sam Varghese, Friday August 15, 2003, The Age - the electronic edition of Melbourne's premier daily newspaper:

Microsoft has decided to change the default settings for the internet connection firewall that is part of Windows XP, following the breakout of the massive worm infection this week.

In a posting to the NT-BugTraq mailing list, newly appointed Microsoft Director of Security Engineering Strategies, Steve Lipner, was quoted as saying that instead of being partially configured, the firewall would now be fully configured.

Meanwhile, the Windows worm, which is known as LoveSan or MSBlaster, will begin to stage a distributed denial of service attack on the Microsoft update site from midnight on August 16.

Each infected host on the internet will begin to send packets of data to (on port 80), in an attempt to knock the site offline. Each infected computer will judge the time by consulting its system clock.

eEye Digital Security said the attack was independent of the year and would start on the 16th of each month from January through August, or on any day in September through December. It said this behaviour could persist as long as instances of the worm remain active in the wild.

An advisory from the anti-virus firm Sophos said each machine which ran the worm on or after August 16 (with a new infection or after a reboot) would send 50 packets per second to the site.

Another anti-virus firm F-Prot said it had documented two variants of the worm, both of which exhibited identical behaviour to the original.

F-Secure said LovSan.C, the third variant, used a file named penis32.exe. LovSan.B had teekids.exe as the name for the actual worm.

No back doors for CIA in our code: Microsoft
By Adam Turner, Friday August 15, 2003, The Age - the electronic edition of Melbourne's premier daily newspaper
via Technorati: Breaking News, with context

# posted by Ingrid J. Jones @ 8/15/2003
Comments: Post a Comment
0 comments Newer›  ‹Older