well-known security expert) has been decrying Black Ice for quite a while as
being next to useless. I guess this proves his point.
Of course security folks will always tell you that a software solution isn't
a very water-tight solution - especially those that run "above" the
OS/System. The really expensive software firewalls (CheckPoint for example)
actually modify the kernel processing directly (running on "ring 0" or so
I've been told). My guess is that this particular problem was something
very specific to those products however and not something that could be
repurposed for a general attack (or else the author(s) would have probably
done it).
Jim Davis
_____
From: Angel Stewart [mailto:[EMAIL PROTECTED]]
Sent: Sunday, March 21, 2004 6:24 PM
To: CF-Community
Subject: New worm targets BlackIce and RealSecure firewall.
"A quickly spreading Internet worm destroyed or damaged tens of
thousands of personal computers worldwide Saturday morning by exploiting
a security flaw in a firewall program designed to protect PCs from
online threats, computer experts said. The "Witty" worm writes random
data onto the hard drives of computers equipped with the Black Ice and
Real Secure Internet firewall products, causing the drives to fail and
making it impossible to restart the PCs. Unlike many recent worms that
arrive as e-mail attachments, it spreads automatically to vulnerable
computers without any action on the part of the user. At least 50,000
computers have been infected so far, according to Reston, Va.-based
computer security firm iDefense and the Bethesda, Md.-based SANS
Institute. The firewalls were developed by Atlanta-based Internet
Security Systems. Chris Rouland, vice president of the company's X-Force
research and development division, said that as many as 32,000 corporate
computers could be infected. The company does not know how many home
users are infected. ISS released a patch and a detailed writeup of the
affected products.
Most infected computers will have to be rebuilt from scratch unless
their owners instead decide to buy new ones, said Ken Dunham, a computer
security expert at iDefense. "The thing looks like it will corrupt or
crash most drives enough so that reinstallation is going to be
required," he said. "This is a very destructive worm." Officials at the
Department of Homeland Security, which is in charge of the government's
cybersecurity efforts, were unavailable for comment. Internet worms,
viruses and other malignant software often install software or open
"back doors" that allow hackers to control infected computers. That
often gives them access to private data that people keep on their
computers, and allows them to use those computers to send out e-mail
spam that cannot be traced back to its real owner. The Witty worm is
different and in some respects more destructive because it renders the
computer useless...continued...."
Look for the story here:
http://www.securitynewsportal.com/index.shtml
Dammit... now the software that we install to protect against worms and
malicious Trojan horses is itself being used for an attack.
-Gel
