Symantec Reports Spate of Attacks Via Recent Windows Flaw

← Back to Stories (view on slashdot.org)

Symantec Reports Spate of Attacks Via Recent Windows Flaw

Posted by timothy on Tuesday November 25, 2008 @02:47AM from the sir-it-seems-to-be-the-windows-again dept.

Surprised Giraffe writes "Symantec is warning of a sharp jump in online attacks that appear to be targeting a recently patched bug in Microsoft's Windows operating system, an analysis that some other security companies disputed. Symantec raised its Threat Con security alert level from one to two because of the attacks, with two denoting 'increased alertness.' The attacks spotted by Symantec target a flaw in the Windows Server Service that Microsoft says could be exploited to create a self-copying worm attack."

7 of 56 comments (clear)

Min score:

Reason:

Sort:

From TFA... by TheNecromancer · 2008-11-25 02:52 · Score: 5, Interesting

Arbor Networks disputed Symantec's interpretation, saying, "we're not seeing this rise, not on TCP port 445 and not on TCP port 139. Looking over the last month we don't see this rise in MS08-067 attacks that would raise any alarms for us," in a Friday blog posting.
Both McAfee and Microsoft echoed those sentiments.

Seems like a shameless plug for Symantec to "look better" than their competitors. Crying wolf here won't get them the additional sales they think they will get.

--
Attention all planets of the Solar Federation! We have assumed control! - Neil Peart
1. Re:From TFA... by yuna49 · 2008-11-25 07:17 · Score: 3, Interesting
  
  The data from SANS Internet Storm Center shows significant recent increases in traffic on port 445. From this graph of traffic since January, we see an decline in traffic until September with the exception of a very large bump in late spring (some early testing of the exploit?).
  Suddenly there was a big surge in port 445 traffic around September 1st. (The correlation between this event and the start of the school year is intriguing.) This surge looks suspiciously orchestrated to me. We also see a substantial, but short-lived decline in target traffic after Microsoft released its November 1st patch kit.
  What's much more disturbing is the trend in sources which has spiked to incredibly high levels in the past week. This could represent a concerted attack on unpatched machines by those already infected. It also shows how many machines could really be infected but slumbering until needed.
*GASP* Threat Con Level at TWO! by GogglesPisano · 2008-11-25 03:00 · Score: 4, Informative

What's the maximum? Maybe eleven, or perhaps over 9000?
1. Re:*GASP* Threat Con Level at TWO! by Koiu+Lpoi · 2008-11-25 04:00 · Score: 3, Informative
  
  WHAT? NINE THOUSAND? There's no WAY that could be right!
According to a leaked internal Symantec memo by neonux · 2008-11-25 03:06 · Score: 5, Funny

The 'levels' are :
1 - Normal alertness
2 - Increased alertness
3 - ???
4 - PROFIT !!!

--
@neonux
Re:Missing analysis: by zappepcs · 2008-11-25 03:29 · Score: 3, Interesting

Now you've gone and done it. If Symantec et al were to try to cover such exploitable possibilities, they'd have to have sales and marketing information that explains them. Sounds reasonable until you think about it. Their business model is built on selling crap^H^H^H^Hsoftware to people who don't want to think and explaining it to them would only expose them to ridicule when people start asking why they need to pay for something that has better free alternatives? If it was not bundled in the system when purchased Symantec would be out of business by now.
There are hundreds of ways to compromise a computer system and then it's peers. Antivirus software can only hope to attempt to protect a machine from the most probable threats, not all threats, not even all types of threats.
You can play in a sandbox, in a park, away from the highway... or ... your can move your sandbox to the median of an eight lane highway. Your choice. No matter what you choose you will still find a dog turd in it sooner or later. Point being that anytime an anti-virus company blathers on about new attacks, it's likely to be FUD or worse, it's marketing.

--
Support NYCountryLawyer RIAA vs People
Save slashdot space.... by The+Real+Tachyon · 2008-11-25 06:28 · Score: 4, Funny

Why don't we just have a running headline banner that says something like...

{someone} discovered a serious security flaw in Microsoft's {product} and {offered to sell a solution|berated Microsoft}. They say the flaw should be {ignored|taken seriously} and that if it wasn't that there was a strong possibility of {not much|major|catastrophic|universe collapsing} repercussions.

{Mac|Linux} users were reported to gloat and tell everyone they were idiots for not switching to {Mac|Linux}. BSD users were running around naked, covered in crayon scribbling, and jabbering "definitely time for BSD, definitely....or Wopner"

Microsoft responded today by {downplaying|ignoring|finally patching after months but breaking something else with the patch} the threat.