Internet worm hits CardCall

The W32.Blaster.Worm hit prepaid communications provider CardCall yesterday causing a "fairly severe network slowdown", according to IT manager, Gordon Kenyon.

He said the outage affected the Gold Coast company's IT infrastructure, servers and 100 PCs, after its antivirus software failed to pick up the worm.

David Banes, regional manager Symantec Security Response, Asia Pacific, said the W32.Blaster.Worm discovered on Monday (August 11, 2003) had a big impact on Australian organisations, giving Symantec's Sydney customer service centre "one of the busiest days in a long time" yesterday.

Banes said the worm reinforced the need for organisations to have comprehensive security solutions in place.

"It's important that organisations don't just rely on a particular piece of software, but have a proper policy within the organisation including training and a security policy," Banes said.

Banes said that the W32.Blaster.Worm is not a "normal" virus or worm, but "more of a code red worm".

"Normal viruses come on e-mail which antivirus software can detect, but this worm is coming in on the network so antivirus won't detect it. That’s why it's also important to have firewall and intrusion detection in place," Banes said.

Kenyon said the worm "puts files on the machines and pretends to be a Microsoft update component and chews resources".

He said the company "received lots of external traffic on the network coming from unknown sources".

Kenyon said he was alerted to the problem early Tuesday morning and that the outage, which hit CardCall's call centre, lasted about three hours.

"First we found out that the e-mail service was down, then we went through the process of trying to get everything up and running and found what was consuming the resources was in fact a worm," Kenyon said. "We've had to manually apply patches to each workstation, which took the rest of the afternoon."

Kenyon said the worm interfered with CardCall's e-mail system after coming through a hole in Windows security.

Unhappy with "the people who developed the worm", Kenyon said once the IT team established what the problem was, a simple patch was applied from the Microsoft network, "but we have to restore the network to make sure it's clear and antivirus is in place".

"We manually removed the worm and applied the patch to stop it coming back.

"Our Norton antivirus software was supposed to see it, according to Symantec, but it didn't. The worm attacks via a specific port and demonstrates a flaw in Microsoft security," he said.

On average, Kenyon said CardCall gets about four patches a week from Microsoft, and added that "it's a constant battle to keep machines up to date with the latest patches".

Symantec's Banes said the worm hit organisations that had not run Windows update features or not patched properly.

"If all their copies of Windows were updated with the relevant Microsoft patch, the worm wouldn't have been successful," Banes said.

According to Symantec, the W32.Blaster.Worm will exploit the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. This worm will attempt to download and run the Msblast.exe file.

Trend Micro said the worm exploits the RPC DCOM buffer overflow, a vulnerability in a Windows Distributed Component Object Model Remote Procedure Call interface which allows an attacker to gain full access and execute any code on a target machine, leaving it compromised.
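
Since the worm arrives over the network on TCP port 135 rather than by e-mail, firewall logs are where it shows up first. The following is an added example, not part of the original article: it flags internal hosts that outside sources were allowed to reach on port 135, and internal hosts contacting several distinct machines on that port. The log format, the internal address range and the fan-out threshold are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed log format (an assumption, not a real product's format):
#   <timestamp> <ALLOW|DENY> TCP <src_ip>:<port> -> <dst_ip>:<port>
LINE_RE = re.compile(
    r"^\S+ (ALLOW|DENY) TCP (\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):(\d+)$"
)
RPC_PORT = 135  # the TCP port the article names for the DCOM RPC flaw

SAMPLE_LOG = [  # constructed sample lines using documentation/private ranges
    "2003-08-12T06:01:02 ALLOW TCP 203.0.113.7:4021 -> 10.0.0.15:135",
    "2003-08-12T06:01:03 DENY TCP 203.0.113.9:4100 -> 10.0.0.16:135",
    "2003-08-12T06:01:09 ALLOW TCP 10.0.0.15:1033 -> 10.0.0.20:135",
    "2003-08-12T06:01:09 ALLOW TCP 10.0.0.15:1034 -> 10.0.0.21:135",
    "2003-08-12T06:01:10 DENY TCP 10.0.0.15:1035 -> 198.51.100.4:135",
    "2003-08-12T06:01:11 ALLOW TCP 10.0.0.30:1050 -> 10.0.0.5:25",
    "2003-08-12T06:01:12 ALLOW TCP 10.0.0.31:1060 -> 10.0.0.2:135",
]


def triage(lines, internal_cidr="10.0.0.0/24", fanout_threshold=3):
    """Return internal hosts exposed on TCP 135 and hosts that look infected."""
    internal = ipaddress.ip_network(internal_cidr)
    exposed = set()            # internal hosts reached on 135 from outside
    fanout = defaultdict(set)  # internal source -> distinct 135 destinations
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not parse
        action, src, dst, dport = m.groups()
        if int(dport) != RPC_PORT:
            continue
        src_in = ipaddress.ip_address(src) in internal
        dst_in = ipaddress.ip_address(dst) in internal
        if not src_in and dst_in and action == "ALLOW":
            exposed.add(dst)  # the firewall let outside traffic reach RPC
        if src_in:
            fanout[src].add(dst)  # count attempts even when denied
    spreading = sorted(h for h, d in fanout.items() if len(d) >= fanout_threshold)
    return {"exposed": sorted(exposed), "spreading": spreading}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Hosts in the "exposed" list are the ones to patch and check first; hosts in the "spreading" list should be isolated before cleaning.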

Lauren Thomsen-Moore

Computerworld