Nieuwegein, 17 augustus 2005 – Computer Associates’ eTrust Security Advisor-onderzoeksorganisatie signaleert de snelle verspreiding van een aantal nieuwe wormen. De meest vruchtbare daarvan is de Win32.Tpbot, een bot die zich verspreidt via Internet Relay Chat (IRC). Hackers kunnen zich met behulp van de worm toegang verschaffen tot de PC van een slachtoffer. De worm maakt gebruik van het Microsoft Windows Plug and Play-buffer overflow-lek MS05-039.
“CA verwacht dat er deze week nog meer nieuwe wormen en varianten de kop op zullen steken. We adviseren consumenten en bedrijven om de Microsoft update for vulnerability MS05-039-patch te gebruiken en hun virusscanners te updaten”, zegt Sam Curry, CA’s vice president eTrust Security Management.
Meer informatie over de worm is HIER te vinden.
Computer Associates heeft richtlijnen opgesteld voor consumenten en bedrijven. Deze informatie vindt u onderaan dit persbericht.
-----------------
Over Computer Associates
Computer Associates International, Inc. (NYSE:CA), één van ’s werelds grootste managementsoftware-bedrijven, levert software en diensten op het gebied van beheer, security, storage, life cycle en service management. Hiermee kunnen ondernemingen de performance, betrouwbaarheid en efficiency van hun IT-omgevingen optimaliseren. CA is opgericht in 1976, heeft zijn hoofdkantoor in Islandia, N.Y. en is actief in meer dan 140 landen. Voor meer informatie, zie http://ca.com.
© 2005 Computer Associates International, Inc. One Computer Associates Plaza, Islandia, N.Y. 11749. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.
Voor verdere persinformatie, fotomateriaal of een interview kunt u contact opnemen met Kim van Bokhoven van LEWIS, PR bureau:
Tel: 040-235 46 00
Fax: 040-235 46 01
E-mail: kimv@lewispr.com
www.lewispr.com
Voor meer informatie over CA kunt u contact opnemen met Gregor Petri, CA:
Tel: 030-604 83 45
Fax: 030-604 73 57
E-mail: gregor.petri@ca.com
--------------------------------------
CA ALERT on Microsoft Vulnerability MS05-039 Worm Exploits
CA is seeing rapid proliferation of multiple new worms and variants released into the wild that are targeted to exploit the recently announced Microsoft Vulnerability MS05-039* and is expecting that additional worms and variants will continue to emerge throughout the remainder of this week. Corporate users are urged to patch their systems with the Microsoft update for vulnerability MS05-039. While patching systems may take up to two weeks in some environments, it is also advised that corporate users take these steps to stay proactive against these threats:
1. Monitor network traffic for enhanced activity on TCP ports 139 and 445. It may be best to block all external access to these ports while working on patching your systems.
2. Update your antivirus with the latest virus signature files. You may want to set the update schedule to more frequent as updates are being issued at a higher rate during this alert period.
The current worms are not only targeting corporations, as consumers have also been affected and are being urged to:
1. Make sure their systems are up to date with the Microsoft patches by visiting the Windows Update page and following the steps required.
2. Update their Antivirus software with the latest virus signature files to detect anything that may already be on their system.
3. Install Firewall software so that it can detect suspicious activity that may already occur on their PC.
In the case that you do not have antivirus or firewall software available to protect your PC, you can download a 30-day free trial at ca.com/consumer.
If your PC is already infected with one of these worms, your ability to update your system with the latest Microsoft security patches and antivirus solutions may be disabled. If that is the case, you will have to consult your antivirus vendor's technical support in order to manually fix the damage done.
Technically minded end users might try to fix the broken updates by checking the Hosts file and replacing it with the fresh one in order to gain access to software updates. The Hosts file contains the mappings of IP addresses to host names. Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. On Windows XP, 2000 and NT systems the hosts file is located at %System%\drivers\etc\hosts. The worm modifies the %System%\drivers\etc\hosts file in order to restrict access to the required sites.
For examples on how the most prolific of these worms can cripple your system through preventing it from running updates and other methods, please visit the following pages below with descriptions of some of the most recent threats:
- Win32.Tpbot.A
- Win32.Zotob.B
- Win32.Esbot.A
- Win32.Drugtob.B
To have the full protection of a computer system these days, the average user have to be more active and make sure they have applied the latest Microsoft security patches along with updating their Antivirus, Anti-Spyware and Firewall protection.
*MS05-039 - Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)