Microsoft: Worm Attack Is Your Fault
Rival hackers have unleashed competing computer worms on the Internet. The worms are designed to exploit recently revealed flaws in various versions of Windows OSs. The worms are most notable for their arrival speed. They're quickly spreading around the globe less than a week after Microsoft announced the flaws they exploit. Microsoft, however, remains surprisingly unimpressed by the fact that some of its biggest customers are being forced to take their PC systems offline.
"We are not aware at this time of a new attack," the company noted in a statement it issued last night. "Instead, our analysis has revealed that the reported worms are different variations of the existing attack called Zotob." Microsoft has reviewed the situation and continues to rate the issue as a low threat for customers.
This statement bears little comfort for companies such as ABC, Caterpillar Company, CNN, Daimler, Chrysler, The Financial Times, Kraft Foods, The New York Times, San Francisco International Airport, SBC Communications, United Parcel Service (UPS), and The Walt Disney Company, all of which suffered computer crashes downtime and repeated reboots because of the worm attacks. According to reports, at least six separate worms have exploited Microsoft's recently revealed flaws. David Maynor, a security researcher at Internet Security Systems in Atlanta, told The New York Times that the hackers responsible were essentially involved in a turf war to control computers in the largest networks around the world.
Despite Microsoft's low threat assertions, security firms are rating this attack as more severe. Trend Micro is using the medium designation to describe the attack, whereas Symantec grades the Zotob attacks as a 3 on a 1 to 5 scale.
But back to Microsoft, which you'd think would be reaching out to customers and not explaining how customers would be fine if they simply upgraded to Windows XP or installed patches the day Microsoft released them. Zotob has thus far had a low rate of infection, the aforementioned statement continues. Zotob only targets Windows 2000. Customers running other versions, such as Windows XP, or customers who have applied the MS05.039 update to Windows 2000 are not impacted by this attack.
Only Win2K, eh? According to AssetMatrix, Win2K is the most often used Windows version in medium and large sized corporations, edging out XP 48 percent to 37 percent. Put another way, roughly half of all Windows installations in corporations are Win2K.
So we have an interesting situation. Hackers are now able to exploit Windows flaws within days and when they do so, Microsoft admonishes the corporations that are affected by these attacks. No offense to the world's largest software company, but that's no way to talk to customers.
Coming Soon: PDC 2005
Less than a month from now, Microsoft will gather thousands of software developers from around the globe in Los Angeles and kick off Professional Developers Conference (PDC) 2005, a highly anticipated event that will center on Windows Vista Microsoft Office 12 and other upcoming Microsoft technologies. PDC 2005 will begin September 13 and feature a keynote address by Microsoft Chairman and Chief Software Architect, Bill Gates, and appearances by several other Microsoft executives.
"For nearly two decades, Microsoft's Professional Developers Conference has served as a place for developers passionate about software to connect with their peers in the global developer community," a Microsoft press release notes. Attendees can attend in depth technology sessions and hear about the latest technology advancements through keynote addresses, interactive labs, community forums such as "Ask the Experts and Birds of a Feather" sessions and many more activities. Developers at PDC05 will also benefit from symposiums that present vital information on important topics such as the future of software security and architecture.
In October 2003, Microsoft embarked on the most ambitious PDC of all time, revealing for the first time details about Windows Vista, then known by its Longhorn code name. This PDC is expected to be just as exciting and information packed and as you might expect. I'll be covering the entire event live here in WinInfo Daily UPDATE and on the SuperSite for Windows Stay tuned.