Worms part of IT diet

Commentary: Some security experts believe that it's only a matter of time before a "superworm" is unleashed. Others have brushed it aside as mere myth.
Written by Fran Foo, Contributor

Then there are those who say such talk is an attempt by antivirus and security software companies to instill fear in home and enterprise users.

It's impossible to predict what lurks in cyberspace but there has been sufficient evidence and warning signs for the corporate sector, especially, to wake up and smell the patches.

In this day and age, response to new worm and virus outbreaks has been reduced to a pretty banal affair. IT departments now view patch management as a natural part of their daily activities.

This being the case, it was alarming to read about Westpac's failure to defend itself. One of Australia's largest banks, it fell prey to the Sasser worm, which is wreaking havoc on the Internet at the moment by crashing vulnerable Windows 2000 and Windows XP computers.

According to Microsoft, Sasser exploits the Local Security Authority Subsystem Service (LSASS) buffer-overrun flaw that was addressed by an April 13 security update released in conjunction with the Microsoft Security Bulletin MS04-011.

Sasser (w32.sasser.a) and Sasser.b (w32.sasser.b) randomly scan local networks and the Internet to look for additional systems to infect. They don't require e-mail or user interaction to spread. The worms use a bootstrap effect by infecting new machines first, then downloading the full code from a previously infected machine.

On Monday, ZDNet Australia reported that Sasser had crippled Westpac's systems, forcing bank employees to bar customers from its branches. Clients were instead instructed to use alternative solutions including automated teller machines and its online banking service.

A Westpac spokeswoman said customer accounts were not compromised and insisted that the whole episode had little impact on customers.

She said the bank was in the process of patching systems and that it would be business as usual the next working day.

Why Westpac failed to run the patch in April is beyond comprehension; technology head Michael Coomer will surely have some explaining to do.

The aftermath of Sasser and its kin drives home a clear message: "Computers which are not properly protected with anti-virus updates, firewalls and Microsoft's security patches are asking for trouble," Graham Cluley, senior technology consultant at Sophos, warned.

Westpac can afford to breathe a sigh of relief this time around but as a Microsoft user, it should learn one thing -- there's no running away from investing money, time and resources into every single patch. Simply put: you make the bed, you lie in it.
