Microsoft software targeted again in latest worm attack

Thursday, September 20th 2001, 12:00 am
By: News On 6

SAN JOSE, Calif. (AP) - As yet another viruslike program clogs networks around the globe, software giant Microsoft Corp. again finds its software at the center of the attack.

The ``Nimda'' program, which targets Windows-based servers and computers, struck internationally Wednesday, shutting down sites in Norway, Japan and elsewhere even as it seemed to be abating in the United States.

Experts say the products of the world's largest software maker are not so much to blame as the size of the company, the ubiquity of its programs and the lackadaisical attitude many users have toward security.

Still, all software, not just Microsoft's, needs to be more closely scrutinized before it's released, said Joe Hartmann, director of North America antivirus research at Trend Micro Inc.

``A lot of the bugs we see are caused by rushing out products before they are properly tested or before security measures are incorporated,'' he said.

Vincent Gullotto,'s head virus researcher, said Nimda was more active Wednesday in Asia and Australia. Researchers were not sure of its origins.

The Australian government's computer networks were attacked by the virus Wednesday night, and Parliament House shut down its Web site and stopped internal e-mail for hundreds of staff. E-mail service was restored Thursday, said Senate President Margaret Reid.

Despite large broadband networks in Singapore, Internet traffic was extremely slow. U.S.-based Web sites such as Hotmail were largely inaccessible from the wealthy Southeast Asian city-state.

The China Daily newspaper quoted Zhang Jian, chief engineer of the state-sponsored National Computer Virus Emergency Response Center, as saying that more than 100 computers have been reported infected in the country.

Major sporting sites in Norway were shut down after a Web provider. In Japan, Yamanashi Gakuin University, the Kyodo News agency and the Chunichi newspaper were among the infected. The Swedish government was forced to quarantine some government computers after they were infected.

In the United States, Web portal Yahoo! was one of the firms infected by Nimda, company spokesman Kevin Timmons confirmed. The company's nonpublic corporate network has been infected, but the public Web site is not.

Bugs and security holes can be found in almost any program from any vendor, including Linux and Unix. But Microsoft gets more attention because of the company's size.

``Virus writers are thinking of how they can hurt the most people in the biggest way,'' said Sam Curry, security architect at ``They look at who has the market dominance here.''

The Nimda worm, which was first detected Tuesday, targets a handful of holes found in Microsoft's server software as well as cracks in some versions of its e-mail and Web browsing software.

It can infect Web sites running Microsoft's Internet Information Services software, like the recent ``Code Red'' worm did. Once a Web site is infected, any Web user accessing it can get the worm.

Once one computer on a company network is infected, it can travel across the network to attack others. Together, this can cause an entire corporate network to be infected.

It also can send itself through an e-mail attachment, much like the infamous ``I Love You'' attack of May 2000. The sender address is faked, and may be a well-known address. The attachment may be named ``README.EXE.''

Though its multiple attack paths make tracking the bug and predicting its effects more difficult, all the tools necessary for fighting it already exist. For months, Microsoft has had software patches available for free.

Still, thousands of machines have been infected in the latest attack, even after last summer's Code Red outbreak and the ensuing media attention.

``People are lazy,'' said Roger Thompson, technical director of malicious code research at TruSecure Corp. ``It's a well known thing that the virus writers exploit all the time.''

Recent Microsoft operating systems all can connect to a site that checks machines and recommends updates. In addition, the company sends out e-mail bulletins to more than 250,000 administrators each time a vulnerability is found, said Scott Culp, manager of Microsoft's Security Response Center.

To make updates easier, most patches are downloadable as a single file that fixes both the previous and current problems. Earlier this year, the company also released software that checks for security problems.

The upcoming Windows XP operating system can download patches automatically before prompting users to install them.

Microsoft, like other software makers, must strike a balance between the functions and ease of use demanded by customers and keeping systems secure, security experts say.

``It's the same with the physical world,'' said Russ Cooper of TruSecure Corp. ``We can't secure things without taking away the things people want.''