Battle against Blaster continues

Australian businesses are still shoring up their IT systems, despite reports that incidents of infections from the Blaster worm are stabilising.

Jamie Gillespie, a security analyst at Australia's National Security Response Team (AusCERT), said that it hadn't seen much change over the past couple of days, with the worm continuing to spread.

'However, through user education we are noticing computers and networks being patched and protected,' Gillespie said. '[We're] hoping that this trend will continue for this worm, and future infections as well.'

Managed security services company, TruSecure, was also warning companies that the worm remained a serious threat to global business if it wasn't dealt with properly.

Stuart Johnstone, senior security analyst at TruSecure Australia/New Zealand, said that the level of attacks had stabilised, but not diminished.

'We will see a steady level of attacks for the foreseeable future, based on the fact that Slammer is a similar worm and is still attacking systems even to this day,' Johnstone said.

He estimated that Blaster -- also known as MSBlast -- was three times more prevalent than Slammer and much more damaging to the infected machine.

TruSecure's statistics from yesterday showed that the total number of unique hosts that have attacked increased 67 percent yesterday, according to a statement issued by the company.

It also found that the average number of attacks per host was at 12.4, with the most number of hosts that attacked in a single hour at 27.

Anti-virus companies were also continuing to see increased interest from end users trying to find out about the worm.

Allan Bell, marketing director at anti-virus software vendor Network Associates, said that its call level from customers was still running at double the normal rate.

'[It's] more about how people can make sure they don't get hit in the future, so they're making sure they're up-to-date,' Bell said.

According to Bell, Network Associates was also getting calls from consumers concerned about potential denial-of-service attacks.

Likewise, some industry pundits were warning that the Blaster worm was a timely reminder to companies to make sure they had adequate security practices in place.

Steve Bittinger, research director at industry analyst Gartner, said that Blaster was comparable with other notable worms and viruses that had been released, in terms of how companies were affected.

'In some cases it can be a substantial repair bill, even for machines that aren't affected,' Bittinger told CRN.

He said organisations couldn't afford to leave unaffected machines alone, for example, because of the possibility that someone might bring a laptop onto the network that had the virus.

Bittinger said that it highlighted the fact that firewalls and patches alone weren't enough. 'Vulnerabilities are always out there,' he warned.

Richard Turner, vice president for Asia Pacific at security vendor RSA Security, said that worms such as Blaster were increasingly frequent. Turner also used the example of 'ghost' Websites -- fraudulent sites that were set up by spammers attempting to get people to reveal confidential information -- as another example of the need to pay increased attention to security.

'It highlights the need for banks and other businesses generally to really push out what they're doing on information security,' he said. Microsoft had also today issued an alert, making available a network scanning tool to network administrators.

The tool allowed them to identify host computers that don't have the Blaster worm security patch, according to a statement issued by Microsoft. This is available at: http://support.microsoft.com/?kbid=826369.