Homeland Security warns of possible cyberattack


The Homeland Security Department has issued a warning that a vulnerability within certain Windows operating systems may be used as a basis of widescale attacks.

The department's Information Analysis and Infrastructure Protection National Cyber Security Division, which issued the July 30 advisory, said it has seen increased scanning across the Internet for computers vulnerable to attack. Microsoft Corp., whose operating systems are affected, also noted the increase.

"We have become aware of some activity on the Internet that we believe increases the likelihood of exploiting this vulnerability," said a technical bulletin from Microsoft about the flaw.

Ken Dunham, malicious code intelligence manager for security analysis firm iDefense Inc., Reston, Va., said what makes this vulnerability different from others is its high stature within the malicious hacking community.

"The key difference here is that the exploit code and the scanning tools are widely available and are very much promoted in the underground, as opposed to other vulnerabilities that may not have a scanning tool or have exploit code," Dunham said.

Although no worms that exploit this vulnerability have been spotted, Dunham said at least one underground group has been working within the past 48 hours to write a worm for it.

Dunham said there also has been increased scanning across computers owned by universities in the northwestern United States.

The scanning is being done by unknown parties probably to install Trojan horses, or hidden programs that can log keystrokes or gain remote control over the computer, Dunham said.

The vulnerability could be serious, since it allows remote users or viruses to take control of a computer. The vulnerability stems from a faulty method used by Windows to handle commands issued by another computer over the network.

"The attacker would be able to take any action on the system, including installing programs, viewing, changing or deleting data or creating new accounts with full privileges," Homeland Security's advisory read. The operating systems potentially vulnerable are Microsoft's Windows NT 4.0, Windows 2000, Windows XP and Windows Server 2003.

Homeland Security issued the first advisory July 16. A subsequent advisory was issued July 30 after the agency noticed the increase in suspicious traffic. Although Microsoft has issued a patch to fix the problem, concern remains over those unpatched computers.

Gerhard Eschelbeck, chief technical officer and vice president of engineering at network security company Qualys Inc., Redwood Shores, Calif., said that systems administrators should take a close look for what he calls covert channels, or ways a worm or virus could sneak into a network behind its firewalls.

Possible entry points include virtual private networks or laptops that someone may hook onto the network that have been infected through home use.

Eschelbeck said that if released, a worm based on this vulnerability could do more damage than the Slammer worm that ravaged some government systems earlier this year.

"It is not only databases that would be effected. It would be any machine running the Microsoft operating system," Eschelbeck said.

The advisory is at: http://www.nipc.gov/warnings/advisories/2003/Potential7302003.htm

For Microsoft software patch and related information go to: http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

About the Author

Joab Jackson is the senior technology editor for Government Computer News.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close

Trending

  • VIDEO: Explore the 2019 M&A Trends

    Editor Nick Wakeman interviews Kevin DeSanto of the investment bank KippsDeSanto about the highlights of their annual M&A survey and trends driving acquisitions in the federal space. Read More

  • PROJECT 38 PODCAST

    In our latest Project 38 Podcast, editor Nick Wakeman and senior staff writer Ross Wilkers discuss the major news events so far in 2019 and what major trends are on the horizon. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.