Homeland Security warns of possible cyberattack


The Homeland Security Department has issued a warning that a vulnerability within certain Windows operating systems may be used as a basis of widescale attacks.

The department's Information Analysis and Infrastructure Protection National Cyber Security Division, which issued the July 30 advisory, said it has seen increased scanning across the Internet for computers vulnerable to attack. Microsoft Corp., whose operating systems are affected, also noted the increase.

"We have become aware of some activity on the Internet that we believe increases the likelihood of exploiting this vulnerability," said a technical bulletin from Microsoft about the flaw.

Ken Dunham, malicious code intelligence manager for security analysis firm iDefense Inc., Reston, Va., said what makes this vulnerability different from others is its high stature within the malicious hacking community.

"The key difference here is that the exploit code and the scanning tools are widely available and are very much promoted in the underground, as opposed to other vulnerabilities that may not have a scanning tool or have exploit code," Dunham said.

Although no worms that exploit this vulnerability have been spotted, Dunham said at least one underground group has been working within the past 48 hours to write a worm for it.

Dunham said there also has been increased scanning across computers owned by universities in the northwestern United States.

The scanning is being done by unknown parties probably to install Trojan horses, or hidden programs that can log keystrokes or gain remote control over the computer, Dunham said.

The vulnerability could be serious, since it allows remote users or viruses to take control of a computer. The vulnerability stems from a faulty method used by Windows to handle commands issued by another computer over the network.

"The attacker would be able to take any action on the system, including installing programs, viewing, changing or deleting data or creating new accounts with full privileges," Homeland Security's advisory read. The operating systems potentially vulnerable are Microsoft's Windows NT 4.0, Windows 2000, Windows XP and Windows Server 2003.

Homeland Security issued the first advisory July 16. A subsequent advisory was issued July 30 after the agency noticed the increase in suspicious traffic. Although Microsoft has issued a patch to fix the problem, concern remains over those unpatched computers.

Gerhard Eschelbeck, chief technical officer and vice president of engineering at network security company Qualys Inc., Redwood Shores, Calif., said that systems administrators should take a close look for what he calls covert channels, or ways a worm or virus could sneak into a network behind its firewalls.

Possible entry points include virtual private networks or laptops that someone may hook onto the network that have been infected through home use.

Eschelbeck said that if released, a worm based on this vulnerability could do more damage than the Slammer worm that ravaged some government systems earlier this year.

"It is not only databases that would be effected. It would be any machine running the Microsoft operating system," Eschelbeck said.

The advisory is at: http://www.nipc.gov/warnings/advisories/2003/Potential7302003.htm

For Microsoft software patch and related information go to: http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

About the Author

Joab Jackson is the senior technology editor for Government Computer News.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Our databases track awards back to 2013. Read More

  • Navigating the trends and issues of 2016 Nick Wakeman

    In our latest WT Insider Report, we pull together our best advice, insights and reporting on the trends and issues that will shape the market in 2016 and beyond. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.