Yet another worm is in the wild. As usual the media quickly picked up the story and turned it into another "ILOVEYOU" industry. But why do I use the word industry? Basically, because such large scale security implications for the Internet usually create a "marketing window" opened for security companies and anti-virus vendors who quickly start capitalizing on them by placing sponsored links or offering clean-up tools on their web sites, and as long as information and removal tools are free for an accident like this, there's nothing wrong with that. But there's something else to consider, it keeps happening again and again, and still nothing changes. The scenario repeats itself, over and over again; another worm is in the wild, exploiting a recently discovered vulnerability in a popular software, or relying on nothing more than peoples' naivety. The recent MyDoom Worm successfully infected enough victims in order to shut down SCO's web site, followed by new variants that targeted Microsoft's web site. This paper isn't intended to discuss the motives of the author, instead it will help you understand how worms enter your network, how you can block them before they even reach your internal network, and how to act in case they get in.

By Dancho Danchev at WindowSecurity.

[ Read more ]

Related items

• Review: Windows XP Hacks (14 November 2003)
• Review: HackNotes Windows Security Portable Reference (13 October 2003)
• Review: Windows XP Secrets (15 September 2003)
• Review: Windows XP Professional Security (5 May 2003)