The Washington Post
Filter - Cynthia L. Webb
PC Users Play 'Dodge the Hacker'

_____About Filter_____
Filter looks at the day's top technology news through snapshots and analysis of what the world's media outlets are covering. Washingtonpost.com's new Mon.-Fri. feature is penned by technology reporter Cynthia L. Webb. If a technology story breaks, a company falters or triumphs, or there's a new trend in technology, Filter wants you to know about it.

By Cynthia L. Webb
washingtonpost.com Staff Writer
Thursday, June 10, 2004; 9:38 AM

Using a personal computer these days is like playing virtual dodgeball, but with spam and hacker attacks subbing in for the big red ball.

Microsoft's Windows operating system continues to be the prime hacking target, especially since it powers more than 90 percent of the world's PCs and is rife with security holes.

The latest hacker flare-ups are going after the same flaw that the Sasser worm exploited. "Sasser put a spotlight on yet another security hole in Microsoft's Windows computer operating system by knocking down business, government and transportation systems around the globe. Now, in what is becoming a familiar pattern, attackers have launched a steady stream of smaller-scale assaults, looking to break into Windows PCs exhibiting the same vulnerability exploited by Sasser," USA Today reported today. "Attackers are having a field day with this one flaw," Ed Skoudis, co-founder of Internet security firm Intelguardians, told the paper.

More from the article: "The weapons of choice: self-propagating worms, more refined and invasive than the fast-spreading, but otherwise relatively benign, Sasser. Attackers also are increasing deployment of powerful stealth programs, called bots, designed to turn a compromised PC into an obedient soldier awaiting orders to broadcast spam or steal log-ins. What's more, hacking specialists, dubbed bot-herders, are assembling bot armies of thousands of compromised machines and using them to extort protection money from gambling Web sites. They do this by threatening to dispatch a bot army to flood a Web site with bogus requests so it can't transact bets."
USA Today: Sasser Inspires Raiders To Jump In

Just this week, Kaspersky Labs "intercepted a new virus threat called Plexus which spreads through local networks and the internet as an attachment to infected emails, according to the Russian anti-virus firm," The Sydney Morning Herald's online edition reported. "The worm spreads in three different ways: as an email attachment, via file-sharing networks and using the LSASS and RPC DCOM vulnerabilities in MS Windows which previous worms like Sasser and Lovesan did, it has warned." McAfee also has information on Plexus on its site, along with a list of newly discovered threats like the Korgo e-mail worm.
The Sydney Morning Herald: New Worm Exploiting Sasser Route

Maybe you didn't read it here first, but read it again anyway: Don't open strange e-mail attachments, and if you get something unexpected from a trusted e-mailer, call them or e-mail them to make sure it's not a virus-laden fake. An e-mail with the subject line "Re: Document" or just plain "Re: Your Photos" is probably not something you want to risk opening. And if you use Microsoft's Outlook e-mail program, at least disable the auto-preview function to avoid opening e-mails willy-nilly. Finally, tell relatives and acquaintances to quit sending chain mail and random attachments that warn of viruses -- it's one more example of the old "crying wolf" cliche.

However, Larry Seltzer of eWeek.com argued in an op-ed earlier this week that mass mailing worms "have seen their best days."

More from Seltzer: "Just the other day Kaspersky Labs wrote up a dire warning about the new Plexus.a worm that combines the usual mail and network share infection routes with exploits of the LSASS and DCOM vulnerabilities. Given that multiple individual worms exist that use these techniques individually, I fail to see why one worm that uses multiples of them is anything new to be scared of... And it's only going to get harder for these worms. As I've written before, some form of SMTP authentication is coming, and one thing it is likely to do is to kill off the existing generation of mail worms, which should no longer even reach the destination mail server. It's conceivable that worm authors could employ new techniques to get their messages authenticated, but it still won't be the same for them. With no spoofing, it will be easier to track them down and alert infected users." eWeek.com has a package of articles on e-mail worms in 2004.
eWeek: The End of the Mass-Mailer Worm Era

Microsoft, meanwhile, is readying an upgrade for Windows XP computers, a service pack with more security bells and whistles, USA Today noted. "We hope SP 2 will mitigate the threats our customers are facing," Stephen Toulouse, Microsoft's security program manager, told the paper.

The company also has been vigilant about hunting down hackers. "When indications of a worm exploiting the LSASS vulnerability in Windows surfaced April 30, the staff at Microsoft Corp.'s Security Response Center didn't hesitate; they knew exactly what to do. Within an hour of the first reports of the worm, which would later come to be known as Sasser, Kevin Kean was on a conference call with the company's internal penetration testers, field representatives and partners in the Virus Information Alliance. The group went over details to determine whether the threat was serious enough to call out the heavy hitters and move into what's known as 'immediate response' phase," eWeek reported. "From there, the chase was on. Microsoft's internal analysts and security and forensics experts worked around the clock with the help of law enforcement officials and outside specialists to analyze Sasser code, searching for any clue that might lead them to the worm's creator. And in this case, after a week of long hours, hard work and not a little bit of luck, the effort paid off with the arrest and indictment of an 18-year-old German man who authorities say has confessed to writing not only Sasser but the Netsky family of viruses as well."
eWeek: Microsoft's Swift Response Nabbed Sasser Suspect


© 2004 Washingtonpost.Newsweek Interactive
