“Although the initial attack on Windows 2000 PCs by bot worms exploiting a week-old vulnerability hasn't grabbed much traction, the way hackers jumped on the bug is proof that the patching "window" is virtually non-existent, said security experts Tuesday.
"The last week showed once more that there is no more patch window," wrote Johannes Ullrich, chief research officer at the SANS Internet Storm Center, in the group's daily alert. "Defense in depth is your only chance to survive the early release of malware."
Exploits were circulating within three days of Microsoft disclosing the Plug and Play vulnerability and offering up a patch, and within five days, several bot worms -- notably Zotob.a and Zotob.b -- were attacking systems.
"Microsoft must be fuming that virus writers are exploiting security holes in their software so quickly," said Graham Cluley, senior technology consultant for security vendor Sophos, in a statement. "It's not only embarrassing for the software giant, but a real headache for businesses who need to move quickly to roll out security patches."
The reason for the fast hacker turn-around, said Ullrich, is that attackers are sharing more and more information. "Malware can only develop as fast as it is developing in this case because of extensive code sharing in the underground," Ullrich said. "The only way we can keep up with this development is by sharing information as efficiently.
"We need to outshare the attackers.…" ”
http://www.crn.com/nl/security/showArticle.jhtml?articleId=168602090
Posts
