DHS warns of possible cyberattack

The Homeland Security Department this week warned that a vulnerability of some Microsoft Windows operating systems may be used as a basis of wide-scale cyberattacks.

The department's Information Analysis and Infrastructure Protection National Cyber Security Division announced it has seen increased scanning across the Internet for computers vulnerable to attack.

Microsoft Corp., whose operating systems are affected, also noted the increase. 'We have become aware of some activity on the Internet that we believe increases the likelihood of exploiting this vulnerability,' a technical bulletin said.

Ken Dunham, malicious code intelligence manager for security analysis firm iDefense Inc. of Reston, Va., said what makes this vulnerability different from others is its high stature among malicious hackers.

'The key difference is that the exploit code and the scanning tools are widely available and very much promoted in the underground, as opposed to other vulnerabilities that may not have a scanning tool or have exploit code,' Dunham said.

Dunham said at least one underground group has been working within the past 48 hours to write a worm to exploit the vulnerability. He also said computers owned by universities in the northwestern United States have been scanned frequently by unknown parties, probably to install Trojan horse programs that log keystrokes or gain remote control.

The vulnerability could be serious because it allows remote users or viruses to take control of a computer. The vulnerability stems from a faulty method used by Windows to handle commands issued by another computer over a network.

'The attacker would be able to take any action including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges,' Homeland Security's advisory said. The OSes potentially vulnerable are Windows NT 4.0, Windows 2000, Windows XP and Windows Server 2003.

DHS has issued two advisories in the last month. Although Microsoft posted a patch to fix the problem, concern remains over unpatched computers.

Gerhard Eschelbeck, chief technical officer and vice president of engineering at network security company Qualys Inc. of Redwood Shores, Calif., said systems administrators should take a close look for what he called covert channels, or ways a worm or virus could sneak into a network behind firewalls.

Possible entry points include virtual private networks or portable computers that might have been infected through home use.

Eschelbeck said that, if released, a worm based on this vulnerability could do more damage than the Slammer worm that ravaged some government systems earlier this year.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.
