BNET UK
silicon.com
ZDNet UK

Home
News
Blogs
Reviews
Videos
Jobs
Resources
Community

Leader
Comment
White Papers
Downloads
Special Reports

Hardware
Software
Communications
Internet
Security
IT Management
Emerging Tech
Leader

Group Blogs
News Blog
Post Room
Rupert's Diary

Hardware Reviews
Software Reviews
Editors' Choice
Buyer's Guides
Tech Guides
Competitions

Dialogue Box
Security threats
Server platforms
Mobile devices
Application development
Full video index

Articles
White Papers
Downloads
Companies
Broadband Speed Test

People
Competitions
Post Room
FAQ

You are here: ZDNet UK > News > Security

Security management Toolkit

Squashing the next worm

Published: 15 Aug 2003 12:25 BST

Two years after the Code Red and Nimda worms spread across the Internet, home users and many companies still aren't doing enough to secure themselves against Internet threats, said security experts.

"Software is still flawed, people are still not patching, and companies are still not making security a focus," said Marc Maiffret, chief hacking officer for security software maker eEye Digital Security. "They didn't after Code Red, they didn't after Nimda, and they didn't after Sapphire/Slammer. Mostly likely, they won't after this worm either."

The criticism comes after the poorly programmed MSBlast worm spread worldwide. Despite numerous flaws in its code, the worm--also known as W32/Blaster and W32.Lovsan--infected more than 330,000 computers running Microsoft Windows. The computers were vulnerable as the result of a month-old flaw their owners had left unpatched.

The same script played out during the Code Red worm epidemics in July and August of 2001, the Nimda worm attack in September 2001 and the Slammer attack this past January. The lack of progress in lessening the effects of such attacks has security experts worried that companies and individuals are making too little headway, if any, in securing their computers.

"This worm shows that, even in a relatively sane scenario, what many are doing doesn't work," said Ted Julian, chief strategist for network-security company Arbor Networks. "We had weeks to prepare, and we aren't able to secure everything."

The statements come six months after the Bush administration released the first version of the United States' National Strategy to Secure Cyberspace, a document which aims to focus the efforts of government agencies and private industry toward defeating digital threats and protecting infrastructure.

Despite the release of the strategy, security on the Internet remains flawed at best. For example, a key piece of infrastructure for millions of Windows users will come under attack starting at 4 a.m. PT when worm-infected computers from the Asia-Pacific region start flooding Microsoft's Windows Update site. As successive time zones reach midnight on Friday, the attack will grow.

1 2 3

Did you find this article useful?
150 out of 312 people found this useful

Share this article:
Digg
Slashdot
Del.ici.ous
Stumble
Reddit

In association with Network Liberation Movement

Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video

Install Flash Player plugin

Find out more: Microsoft exec outlines...

All videos
Most popular videos
Latest videos

Featured Talkback

It seems to me this is a burden being placed on the wrong shoulders. There is not an It system in the world that can stop an individual taking information in their heads and spewing out at the nearest undesirable third party.