Sniffing increases...
By Joris Evers
Published: 24 June 2005 08:30 GMT
A surge in scanning on a port associated with a Windows flaw patched last week suggests that a mass worm attack may be imminent, experts said.
A rise in activity on TCP Port 445 could be a sign that hackers are trying to exploit a flaw in Server Message Block, Gartner analyst John Pescatore said on Thursday.
"Increased scanning does not always mean an attack will happen but it greatly increases the odds that one will," Pescatore said. "I don't think this has a high probability of a worm but if people get lax about patching the odds of worms go way, way up."
Like would-be burglars knocking on doors looking for a likely target, internet intruders sometimes scan random computers to see if a particular network port is available, as a precursor to attack.
TCP Port 445 is used by SMB, which Windows uses to share files, printers, serial ports and also to communicate between computers. Microsoft recently released a fix for the "critical" vulnerability in the protocol as part of its monthly patch cycle.
Increased port scanning has preceded major worm outbreaks in the past, Pescatore said. Alfred Huger, a senior director at Symantec Security Response, also said a worm could be on its way.
Users should patch their systems as soon as possible, they both said.
However, Pescatore and Huger also noted port scanning by suspected hackers is common after Microsoft discloses vulnerabilities. Furthermore, this particular Windows flaw is not easy to exploit, so the scanning may not be an ominous sign at all.
Symantec saw a spike in scanning on TCP Port 445 last week but the probing of the port has since gone back to normal levels, Huger said. "I don't think we should be screaming the barn is burning by any means," he said.
Microsoft is not aware of any active attempts to exploit any Microsoft vulnerabilities via TCP Port 445, a company representative said on Thursday. Also, the software maker has not received any indication of malicious activity associated with the security vulnerability that affects SMB, the representative said.
Joris Evers writes for CNET News.com
ll lead your team to beat sales, items and services targets, and and exploit opportunities to grow sales. own your patch? and gather useful ...
Mobile device testing, Ethical Hacking, Security testing, Vulnerability scanning. Able to identify vulnerabilities and recommend remediation. Able to ...
You will work from home with the flexibility to arrange office team days for cold-calling from several of the client’s corporate offices on ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead
Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy