In-Depth

News In Brief

Shrinking budgets, new worm variants, and an updated Web Filter VS

• By Mathew Schwartz
• 03/19/2003

Top Security Concern: Shrinking Budgets

According to a new survey by OpenService (http://www.open.com), a network security management solution provider in Westborough, Mass., the top security concern of senior security managers is shrinking IT budgets. Workload for 89 percent increased as a result of smaller budgets, though 72 percent feel more secure in their jobs than a year ago.

Perhaps surprisingly, while 89 percent of respondents think identifying threats in real time is critical to overall security, only 5 percent say they can achieve this, and overall 93 percent were using identification processes that were at least partially manual. For so-called “blended multi-point attacks,” professional attacks that hit a company several ways at once, 60 percent say they have no way of identifying such attacks, a significant liability.

Also, despite the looming specter of war, OpenService says no CSO, CIO, or CEO cited cyber-warfare or terrorism as a top threat this year. No word on if there were military respondents.

CodeRed Kin Comes Calling

Symantec Security Response announced a new, minor variant of CodeRed II that was found in the wild. Dubbed CodeRed.F, the variant differs from the original by two bytes. Like CodeRed, it can also use a buffer overflow to spread itself and can give a hacker full, remote access to the affected Web server. Symantec categorizes it as a “high threat.” The vulnerabilities are in Microsoft Index Server 2.0 and Indexing Service in Windows 2000.

Organizations should have already patched their Microsoft IIS Servers. Just in case, here’s a patch: http://www.microsoft.com/technet/security/bulletin/MS01-033.asp

SurfControl Tunes, Updates Linux Web Filter Software

SurfControl released Web Filter VS version 2.3 for Linux. The Internet content filtering software supports sites using Linux in network operations, and now supports major anti-virus tools and content management capabilities to enable companies to filter by individual or group IP addresses. With support for third-party anti-virus products, sites can also scan HTTP and FTP traffic for viruses. Companies can filter Internet access and usage by tying into users and groups in an LDAP, as well as by IP address. Web Filter can also block pop-up windows and banner advertising.

The upgrade fixes performance and operating issues. It is free for users with a current SurfControl license. Upgrades from previous versions must completely uninstall the old version and install fresh version 2.3. For new users, pricing starts at about $8 per user.

More information: http://www.surfcontrol.com

The Problem With Poor Passwords

In an interesting twist on poor password selection coming back to haunt users, meet W/32 Deloder-A. The new worm attempts to connect, via TCP at port 445, with computers running Windows that have file sharing enabled, by using a list of 50 common passwords, including “admin,” “password,” and “love.” Don’t say we didn’t warn you.

Once it has compromised a PC, the worm leaves software that installs a back door on the computer, giving an attacker remote access. The worm also copies itself to the computer, then tries to find other network-attached devices to infect.

More information: http://www.f-secure.com/v-descs/deloader.shtml