Advertisement
Promo

Security threats Toolkit

Massive worm attack may be imminent

Joris Evers CNET News

Published: 24 Jun 2005 09:20 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A surge in scanning on a port associated with a Windows flaw patched last week suggests that a mass worm attack may be imminent, experts said.

A rise in activity on TCP Port 445 could be a sign that hackers are trying to exploit a flaw in Server Message Block, Gartner analyst John Pescatore said on Thursday.

"Increased scanning does not always mean an attack will happen, but it greatly increases the odds that one will," Pescatore said. "I don't think this has a high probability of a worm, but if people get lax about patching the odds of worms goes way, way up."

Like would-be burglars knocking on doors looking for a likely target, Internet intruders sometimes scan random computers to see if a particular network port is available, as a precursor to attack.

TCP Port 445 is used by SMB, which Windows uses to share files, printers, serial ports and also to communicate between computers. Microsoft recently released a fix for the 'critical' vulnerability in the protocol as part of its monthly patch cycle.

Increased port scanning has preceded major worm outbreaks in the past, Pescatore said. Alfred Huger, a senior director at Symantec Security Response, also said that a worm could be on its way.

Users should patch their systems as soon as possible, they both said.

However, Pescatore and Huger also note that port scanning by suspected hackers is common after Microsoft discloses vulnerabilities. Furthermore, this particular Windows flaw is not easy to exploit, so the scanning may not be an ominous sign at all.

Symantec saw a spike in scanning on TCP Port 445 last week, but the probing of the port has since gone back to normal levels, Huger said. "I don't think we should be screaming the barn is burning by any means," he said.

Microsoft is not aware of any active attempts to exploit any Microsoft vulnerabilities via TCP Port 445, a company representative said on Thursday. Also, the software maker has not received any indication of malicious activity associated with the security vulnerability that affects SMB, the representative noted.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
80 out of 160 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:





Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

DNA details of innocent will be kept f...

The government has announced that it plans to keep innocent people's DNA details for up to six years. In response to a consultation it launched last December, the government said... More

5 comments

Motorola Droid Drops Today: Happy Droi...

Motorola Droid Drops Today: Happy Droid Day America! Author: Eric Everson, Mobile Security Expert If you’re wondering what all of the buzz is about with words like Droid and Android... More

Post a comment

Mobile Security Profile: BlackBerry St...

Mobile Security Profile: BlackBerry Storm2 Author: Eric Everson BlackBerry handsets are a staple of office culture; from syncing calendars to sharing business-related data,... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters