Sunday, August 17, 2003

Worm a Sign of Horrors to Come?
The attack forced Maryland's motor vehicle agency to close for the day and kicked Swedish Internet users offline as it spread.

Security experts said the world was lucky this time because LovSan is comparatively mild and doesn't destroy files. They worry that a subsequent attack exploiting the same flaw -- one of the most severe to afflict Windows -- could be much more damaging.

"We think we're going to be dealing with it for quite some time," said Dan Ingevaldson, engineering manager at Internet Security Systems in Atlanta.

Although LovSan does not appear to do any permanent damage, Ingevaldson said instructions to do that could easily be written into a worm that propagates in the same way.

Microsoft itself still faces the wrath of the worm's coder.…

The attack was preventable for many machines running Windows. On July 16, Microsoft posted on its website a free patch that prevents LovSan and similar infections. The patch fixes an underlying flaw that affects nearly all versions of the software giant's flagship Windows operating system.

Notwithstanding high-profile alerts issued by Microsoft and the Department of Homeland Security, many businesses did not install the patches and scrambled Tuesday to shore up their computers.

Security experts say patches often stay on "to do" lists until outbreaks occur.

"You're looking at 70 new vulnerabilities every week," said Sharon Ruckman, senior director at the research lab for antivirus vendor Symantec. "It's more than a full-time job trying to make sure you are up-to-date."

Microsoft spokesman Sean Sundwall acknowledged that the blame does not really lie with customers.

"Ultimately, it's a flaw in our software," he said.

Non-Microsoft systems were not vulnerable, though some may have had trouble connecting with websites, e-mail and other servers that run on Windows.

Symantec's probes detected more than 125,000 infected computers worldwide.

The worm exploits a flaw in a Windows feature for sharing data files across computer networks. It was reported first in the United States on Monday and spread across the globe as businesses opened Tuesday and workers logged on.

Additional U.S. computers were hit Tuesday, and Maryland's Motor Vehicle Administration shut all its offices at noon.

"There's no telephone service right now. There's no online service right now. There's no kiosk or express office service," spokeswoman Cheron Wicker said. "We are currently working on a fix and expect to be operational again in the morning."

In Sweden, Internet provider TeliaSonera said about 20,000 of its customers were affected after the infection clogged 40 servers that handle Internet traffic.

Among companies affected in Germany was automaker BMW, said spokesman Eckhard Vannieck. He said the problems did not affect production.

The worm also affected networks in China, but the damage apparently was not serious.…

http://www.wired.com/news/infostructure/0,1377,59994,00.html
http://www.wired.com/news/technology/0,1282,60019,00.html
