Worms Come Faster: Are You at Risk?
Play it safe and install the latest Outlook and MSN Messenger updates.Stuart J. Johnston is a contributing editor for PC World. VisitClick on the link for more Bugs and Fixes columns.
Illustration by Michael Klein
Iain Mulholland, lead security program manager at the Security Response Center, says that hackers often use reverse engineering on Microsoft's patches to concoct their worms. After a particular fix has been released along with the technical details about the vulnerability, the so-called black-hat hackers go to work.
The bad news is that the time between the posting of a patch and the debut of a worm aimed at exploiting the original weakness has become drastically shorter. Remember Nimda? Microsoft says that crackers took almost a year--331 days--after the company released a fix for the Nimda vulnerability to unleash their attack in 2001. Two years later, the Blaster worm arrived just 25 days after Microsoft put out the corresponding patch.
So be forewarned: Now is a good time to get a new fix for Outlook 2002 and one for MSN Messenger 6.0 and 6.1.
If you are running Outlook 2002, the latest critical flaw could let a scoundrel disguise a worm in an innocuous-looking HTML e-mail, or plant a link in an e-mail that would lead you to a contaminated Web site. Once activated, the worm would execute the hacker's attack program on your PC, and it could delete every one of your files, just for fun. (You're safe if you've already installed Office 2002 Service Pack 3--or if Outlook 2002 isn't your default e-mail program.) Nobody has reported any exploits yet, but I urge you to take care of this problem. Go to the Microsoft Security Bulletin MS04-009 to install the patch.
The other hole, while less serious, could still cause Excedrin Headache 2004. If you use MSN Messenger 6.0 or 6.1, an attacker could slip you an instant message that, while invisible to you, would allow someone to read files on your PC remotely. (However, if you've blocked anonymous users, you're protected.) The bad guy would need to know your sign-in name and the names of files on your system. Head to the Microsoft Security Bulletin MS04-010 to grab the fix.
Attack on Popular Firewall Programs
If there was any doubt that crackers are more quickly figuring out how to exploit newfound security holes in popular software, take a look at Internet Security Systems' BlackICE and RealSecure. Only two weeks after security research firm EEye Digital Security informed ISS of a serious flaw in these products, a miscreant cooked up a worm dubbed Witty that isn't at all amusing (see eEye Digital Security for details).
The worm replicates by sending copies of itself to randomly scanned Internet addresses, but it infects only PCs with one of these products running. Witty gradually erases key portions of an infected PC's file system code. Though it doesn't do its damage all at once, the end result is the same. The hole is present in both desktop and server editions of the products, though not in all versions. Visit X-Force Internet Security Systems for a link to the fixes.
In Brief
Big Blue Update
IBM has a downloadable firmware upgrade to fix reliability problems in some 60GB and 80GB hard drives in its ThinkPad R50, R50p, T41, and T41p laptop PCs. Go to IBM to learn how to tell if your hard drive needs the update--and to find a link to the fix.
New Norton Flaws
Symantec patched a hole in its Norton Internet Security 2004 products that could let an attacker take over your PC. You need to run Symantec's LiveUpdate program to get the patch. Go to Symantec for details about the ins and outs of LiveUpdate.
Bugged?
Found a hardware or software bug? Tell us about it via e-mail at bugs@pcworld.com.