Internet worm hits CardCall

The W32.Blaster.Worm hit prepaid communications provider CardCall yesterday causing a "fairly severe network slowdown", according to IT manager, Gordon Kenyon.

He said the outage affected the Gold Coast company's IT infrastructure, servers and 100 PCs, after its antivirus software failed to pick up the worm.

David Banes, regional manager Symantec Security Response, Asia Pacific, said the W32.Blaster.Worm discovered on Monday (August 11, 2003) had a big impact on Australian organisations, giving Symantec's Sydney customer service centre "one of the busiest days in a long time" yesterday.

Banes said the worm reinforced the need for organisations to have comprehensive security solutions in place.

"It's important that organisations don't just rely on a particular piece of software, but have a proper policy within the organisation including training and a security policy," Banes said.

Banes said that the W32.Blaster.Worm is not a "normal" virus or worm, but "more of a code red worm".

"Normal viruses come on e-mail which antivirus software can detect, but this worm is coming in on the network so antivirus won't detect it. That’s why it's also important to have firewall and intrusion detection in place," Banes said.

Kenyon said the worm "puts files on the machines and pretends to be a Microsoft update component and chews resources".

He said the company "received lots of external traffic on the network coming from unknown sources".

Kenyon said he was alerted to the problem early Tuesday morning and the outage, which hit CardCall's call centre, was about three hours.

"First we found out that the e-mail service was down, then we went through process of trying to get everything up and running and found what was consuming the resources was in fact a worm," Kenyon said. "We're had to manually apply patches to each workstation, which took the rest of the afternoon," Kenyon said.

Kenyon said the worm interfered with CardCall's e-mail system after coming through a hole in Windows security.

Unhappy with "the people who developed the worm", Kenyon said once the IT team established what the problem was, a simple patch was applied from the Microsoft network, "but we have to restore the network to make sure it's clear and antivirus is in place".

"We manually removed the worm and applied the patch to stop it coming back.

"Our Norton antivirus software was supposed to see it, according to Symantec, but it didn't. The worm attacks via a specific port and demonstrates a flaw in Microsoft security," he said.

On average, Kenyon said CardCall gets about four patches a week from Microsoft, and added that "it's a constant battle to keep machines up to date with the latest patches".

Symantec's Banes said the worm hit organisations that had not run Windows update features or not patched properly.

"If all their copies of Windows were updated with the relevant Microsoft patch, the worm" wouldn't have been successful, Banes said.

According to Symantec, the W32.Blaster.Worm will exploit the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. This worm will attempt to download and run the Msblast.exe file.

Trend Micro said the worm exploits the RPC DCOM buffer overflow, a vulnerability in a Windows Distributed Component Object Model Remote Procedure Call interface which allows an attacker to gain full access and execute any code on a target machine, leaving it compromised.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lauren Thomsen-Moore

Computerworld
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?