Return of the Blaster, predicted!

CIOL Bureau
Updated On
New Update

SEATTLE/SAN FRANCISCO - "We have to assume the worst," said Jeff Jones, senior director of trustworthy computing security at the world's largest software maker.


Jones urged computer users to activate firewall features and automatic update services in the latest versions of Windows, and also to keep any anti-virus software up to date.

The latest vulnerability, similar to one that Microsoft warned about in July that was exploited by the Blaster worm a few weeks later, could allow an attacker to gain control over a computer, delete data and install malicious programs.

Blaster, also dubbed MSBlast and LovSan, appeared in early August, a few weeks after Microsoft issued its security warning on July 16, and infected 500,000 or more personal computers, according to estimates.


The next threat will likely have a larger impact on consumers than businesses, who have been more diligent about patching their systems, said John Pescatore, an analyst at market research firm Gartner.

"My gut instinct is that we'll see another attack," said David Perry, global director of education at anti-virus software maker Trend Micro Inc.



"The odds are 100 percent. It might not be public. It could be exploited by professionals to break into Web sites and never make the news," said Bruce Schneier, chief technology officer of network monitoring firm Counterpane Internet Security. "Many vulnerabilities are discovered in the underground first."

However, given the media attention on the security hole, chances are good an Internet worm will appear, he said. "It is not going to take a very smart kid to take the existing worm and modify it."

There is a concern that any new program exploiting the latest Windows hole will be worse than Blaster, which spread fairly slowly and did no real damage, said Nicholas Weaver, a researcher at the International Computer Science Institute at University of California, Berkeley.


The recent spate of Blaster variants and e-mail worms like Sobig, which take advantage of holes in Microsoft software, indicates that Microsoft's much vaunted 21-month-old Trustworthy Computing initiative is not working, said Fred Cohen, principal security strategies analyst at the Burton Group consultancy.

"They're not building more secure code, and people will continue to exploit it until they do," said Cohen, who coined the term computer "virus" 20 years ago.

Part of the problem is Microsoft researchers are accustomed to testing software to make sure features work, not to try to break it or find holes, said Chris Wysopal, research direct of consultancy AtStake.


"There is a cultural shift that has to happen with software testers," he said. "I don't think that shift has really happened anywhere yet."

The only way to force Microsoft, and other software makers, to write software with fewer holes is to hold them legally liable for problems that result from faulty applications, the experts agreed.

"You have to give the incentives to fix the problem," said Schneier. "These attacks are all due to programming errors that are exploited by an attacker."

® Reuters