Internet worm hits CardCall

The W32.Blaster.Worm hit prepaid communications provider CardCall yesterday causing a "fairly severe network slowdown", according to IT manager, Gordon Kenyon.

He said the outage affected the Gold Coast company's IT infrastructure, servers and 100 PCs, after its antivirus software failed to pick up the worm.

David Banes, regional manager Symantec Security Response, Asia Pacific, said the W32.Blaster.Worm discovered on Monday (August 11, 2003) had a big impact on Australian organisations, giving Symantec's Sydney customer service centre "one of the busiest days in a long time" yesterday.

Banes said the worm reinforced the need for organisations to have comprehensive security solutions in place.

"It's important that organisations don't just rely on a particular piece of software, but have a proper policy within the organisation including training and a security policy," Banes said.

Banes said that the W32.Blaster.Worm is not a "normal" virus or worm, but "more of a code red worm".

"Normal viruses come on e-mail which antivirus software can detect, but this worm is coming in on the network so antivirus won't detect it. That’s why it's also important to have firewall and intrusion detection in place," Banes said.

Kenyon said the worm "puts files on the machines and pretends to be a Microsoft update component and chews resources".

He said the company "received lots of external traffic on the network coming from unknown sources".

Kenyon said he was alerted to the problem early Tuesday morning and the outage, which hit CardCall's call centre, was about three hours.

"First we found out that the e-mail service was down, then we went through process of trying to get everything up and running and found what was consuming the resources was in fact a worm," Kenyon said. "We're had to manually apply patches to each workstation, which took the rest of the afternoon," Kenyon said.

Kenyon said the worm interfered with CardCall's e-mail system after coming through a hole in Windows security.

Unhappy with "the people who developed the worm", Kenyon said once the IT team established what the problem was, a simple patch was applied from the Microsoft network, "but we have to restore the network to make sure it's clear and antivirus is in place".

"We manually removed the worm and applied the patch to stop it coming back.

"Our Norton antivirus software was supposed to see it, according to Symantec, but it didn't. The worm attacks via a specific port and demonstrates a flaw in Microsoft security," he said.

On average, Kenyon said CardCall gets about four patches a week from Microsoft, and added that "it's a constant battle to keep machines up to date with the latest patches".

Symantec's Banes said the worm hit organisations that had not run Windows update features or not patched properly.

"If all their copies of Windows were updated with the relevant Microsoft patch, the worm" wouldn't have been successful, Banes said.

According to Symantec, the W32.Blaster.Worm will exploit the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. This worm will attempt to download and run the Msblast.exe file.

Trend Micro said the worm exploits the RPC DCOM buffer overflow, a vulnerability in a Windows Distributed Component Object Model Remote Procedure Call interface which allows an attacker to gain full access and execute any code on a target machine, leaving it compromised.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lauren Thomsen-Moore

Computerworld
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?