ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Security threats Toolkit

Massive worm attack may be imminent

Joris Evers CNET News.com

Published: 24 Jun 2005 09:20 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A surge in scanning on a port associated with a Windows flaw patched last week suggests that a mass worm attack may be imminent, experts said.

A rise in activity on TCP Port 445 could be a sign that hackers are trying to exploit a flaw in Server Message Block, Gartner analyst John Pescatore said on Thursday.

"Increased scanning does not always mean an attack will happen, but it greatly increases the odds that one will," Pescatore said. "I don't think this has a high probability of a worm, but if people get lax about patching the odds of worms goes way, way up."

Like would-be burglars knocking on doors looking for a likely target, Internet intruders sometimes scan random computers to see if a particular network port is available, as a precursor to attack.

TCP Port 445 is used by SMB, which Windows uses to share files, printers, serial ports and also to communicate between computers. Microsoft recently released a fix for the 'critical' vulnerability in the protocol as part of its monthly patch cycle.

Increased port scanning has preceded major worm outbreaks in the past, Pescatore said. Alfred Huger, a senior director at Symantec Security Response, also said that a worm could be on its way.

Users should patch their systems as soon as possible, they both said.

However, Pescatore and Huger also note that port scanning by suspected hackers is common after Microsoft discloses vulnerabilities. Furthermore, this particular Windows flaw is not easy to exploit, so the scanning may not be an ominous sign at all.

Symantec saw a spike in scanning on TCP Port 445 last week, but the probing of the port has since gone back to normal levels, Huger said. "I don't think we should be screaming the barn is burning by any means," he said.

Microsoft is not aware of any active attempts to exploit any Microsoft vulnerabilities via TCP Port 445, a company representative said on Thursday. Also, the software maker has not received any indication of malicious activity associated with the security vulnerability that affects SMB, the representative noted.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with Dell

Did you find this article useful?
80 out of 157 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:





Related Jobs

Service Delivery Manager - Customer Development & Food solutions - IT Manager - St. David\'s Park, Teeside , North West

Recognises, and actively seeks ways to exploit information technology to address complex business, organisational and technical issues, of both a ...

SUPPORT ENGINEER 2G/3G/GPRS/SS7/GSM/3GPP/SIGNALLING/TCP/IP/IP

2G, 3G, GPRS, SS7, GSM, 3GPP, SIGNALLING, TCP/IP, IP This company are designers of the worlds leading GSM softswitch. Administration - TCP/IP ...

Technical Audit Contract 6 months London

I am currently looking for a candidte who is able to Audit and Verify, making wsure that all documentation is correct : Asset List Patch Schedule ...

Featured Talkback

What was achieved there is recognised to be of fundamental importance to both winning the war (Churchill visited to say 'thank you' to them) and the development of the computer. Maybe Bill Gates doesn't want to support this museum because it underlines where electronic computing started i.e. here, not the U.S.

By: 1000103773

Read full story:
Bletchley Park faces bleak future

Sentry Posts Blog

Skype - The Roach Motel

Here is an interesting article from The National Business Review, pointing out once again that you can never delete a Skype account. Never. Period. This is something I am familiar... More

Post a comment

The vPhone: Why Visa Should Go Mobile

The vPhone: Why Visa Should Go Mobile Author: Eric Everson, Founder MyMobiSafe.com With all of the success of Apple’s iPhone, there is a growing case to support a company like Visa... More

Post a comment

The Google Apple Merger: Fantasy or Fu...

The Google Apple Merger: Fantasy or Future? Author: Eric Everson, Founder MyMobiSafe.com Market research suggests that Microsoft controls upwards of 90% of the respective computer-based... More

1 comment

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers