While Microsoft weakness is patched, other worms turn

Security analysts say hackers are having a harder time than expected coming up with a workable exploit against the Microsoft ASN.1, giving administrators valuable time to patch their systems.

But while patching for that vulnerability is under way, new worms continue to demand attention.

A new variant of the Bagle worm, Bagle.b, now is spreading rapidly in the wild. It is a mass-mailing worm that installs a back door Trojan on infected machines and appears to be programmed to stop spreading Feb. 25. It has a random subject line, text and attachment name.

Security companies noticed the spread on Tuesday in Europe, and MessageLabs Inc. of New York reported it had stopped more than 96,000 copies of the worm in 66 countries by early Wednesday. Panda Software Inc. of Glendale, Calif., called the mass-mailing worm 'highly effective,' due in part to its ability to spoof the sender's address.

'Money and control appear to be the motive behind Bagle, similar to top worms of 2003,' said Ken Dunham, director of malicious code for iDefense Inc. of Reston, Va.

Dunham also reports that another new worm, NetSky.b, also was spreading rapidly in Europe and Japan Wednesday morning. NetSky is another randomized e-mail worm that also propagates through network shares.

'NetSky.b is like a cluster bomb,' Dunham said. 'It spreads to various networks via e-mail, and then erupts on the network through shared files.'

The one bright spot in the war against malicious code is the difficulty hackers seem to be having in developing a shell exploit for the Microsoft Abstract Syntax Notation 1 Library. Although effective exploit code appeared within days of the vulnerability's announcement, no widespread attacks have been reported.

'Every day that goes by without shell exploit code in the wild for ASN.1 is very good news," Dunham said. 'We are slowly gaining ground on protecting against possible exploitation. It still has potential, but every day that goes by lowers that potential.'

About the Author

William Jackson is a Maryland-based freelance writer.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected