by Paul F. Roberts

Four Major Worm Attacks in August 2003

Oct 15, 2003

What a month. Human frailty, spam and a dangerous Microsoft Windows vulnerability combined to produce four major Internet worm attacks in August. A rundown:

  • W32.Mimail, a mass-e-mailed worm, looks like a system administrator’s message.
  • The W32.Blaster Internet worm exploits a flaw in Windows’ implementation of the remote procedure call (RPC) protocol and spreads worldwide in a matter of hours, infecting hundreds of thousands of Windows machines.
  • Others emerge that exploit the same vulnerability as Blaster, including W32.Welchia, which disrupts networks while PC users try to patch the RPC vulnerability.
  • A new version of the Sobig worm, W32.Sobig.F, bombards e-mail accounts worldwide.

Experts agree that these worms are so effective because they spread rapidly via e-mail, they attack Windows, and they are relatively easy to assemble. The only consensus about prevention is on how much work it takes from Microsoft, antivirus vendors and user companies.

CIO John Halamka of CareGroup and Beth Israel Deaconess Medical Center says a combination of firewall, network intrusion detection systems, antivirus software and patches worked to keep his facilities worm-free during the outbreak. Halamka’s IT staff held what he called an “all nightmare-athon” patching session in late July for the hospital’s 130 Windows servers. Worm-free, yes. Cost-free, no.