There wasn’t a lot of holiday cheer for Microsoft’s Security Response Center late last year.
Just a few days after Christmas, criminals found a new way to attack. By taking advantage of an unpatched bug in the way Internet Explorer processed an obscure graphics format, called Windows Metafile (WMF), they were able to install unauthorized software on PCs.
Soon reports started coming into Microsoft of malicious websites that were taking advantage of this bug to spread adware and spyware.
“Within 15 minutes, we were all on the phone and people were coming in and discussing it through the holidays,” said Mark Griesi, senior program manager with Microsoft.
“People were literally here 24 hours a day,” he said. “I really hand it to those guys. They came in and worked through the holidays. … It’s a side of Microsoft that folks don’t see.”
A week later, Microsoft took the unusual step of issuing an emergency patch for the WMF problem. Still, critics said the software giant waited too long, given the scope of the attack.
So will there be another WMF-style outbreak next week?
Nobody really knows the answer to that question, of course, but recent patterns of attacks seem to suggest it may be likely. The Sobig, Blaster and Zotob worms were all released in August, for example, the end of summer holidays in Europe and the United States, and attackers seem to be getting better lately at timing the release of their malicious software in order to have maximum effect.
IT administrators are harder to reach, and less likely to patch software or issue workarounds during the holidays. And college-age hackers have more time on their hands to work out new attacks, or so the thinking goes.
Security experts generally agree that another WMF-style attack is no more likely to occur next week than any other, however.
The idea that attacks somehow spike during the holidays is “more of a fallacy than anything else, said David Marcus, security research and communications manager with McAfee’s Avert Labs. “Most enterprises I’ve dealt with have just as much coverage during the holidays as any time of year.”
Microsoft’s Griesi agreed that the traditional holiday business slowdown in the United States does not apply to security professionals. “The holiday season doesn’t affect our ability to respond,” he said.
Though enterprises may be prepared for cyberattacks, the December rush of online shopping does spur certain types of online scams, Marcus said. “You’ll see certain techniques become prevalent at certain times of the year,” Marcus said. “You’ll see some holiday spam or some charity spam.”
Nevertheless, Susan Bradley plans to be a little extra-cautious over the next week, monitoring a well-known computer security discussion list for any signs of trouble. “I will be looking at the Full Disclosure list like crazy,” said Bradley, chief technology officer with Tamiyasu, Smith, Horn and Braun, Accountancy.
And like Microsoft, many businesses are prepared to quickly mobilize their IT teams in the event of an attack.
At the Port of Seattle, for example, security monitoring will continue as normal over the holidays, according to Ernie Hayden, chief information security manager with the port.
He isn’t sure whether next week will bring another WMF-style outbreak, but he said he was holding to a simple mantra over the holiday season. “Be prepared. Just be a good old-fashioned Boy Scout,” he said. “Don’t expect that everything you’re doing is going to be perfect.”
— Robert McMillan, IDG News Service (San Francisco Bureau)
Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.