Experts are advising computer users with renewed urgency to apply a free repairing patch that Microsoft has offered on its Web site since July 16, when it acknowledged that the flaw affected nearly all versions of its flagship Windows operating system software.
The Homeland Security Department cautioned Wednesday that hackers in recent days have successfully tested new tools to seize control of such vulnerable computers over the Internet, stealing data, deleting files or eavesdropping on e-mails. The government also said it had detected an "Internet-wide increase in scanning" for victim computers.
Security companies guarding government and corporate networks have identified sporadic break-in attempts worldwide using such tools and monitored hackers in discussion groups and chat rooms exchanging tips about how to improve the effectiveness of their programs.
Applying Microsoft's repairing patch takes a few moments for home users but is a more daunting challenge for large corporations with tens of thousands of Windows computers - leading to a race against hackers for frazzled computer administrators.
"People are definitely aggressively trying to patch this," said Ken Dunham, an analyst at iDefense Inc., an online security company. "But a large rollout may need to take some time."
Researchers' biggest fears--that hackers will quickly unleash automated "worm" software that attacks large numbers of computers within minutes--have so far been unrealized. Although a major hacker convention, known as "DefCon," takes place this week in Las Vegas, experts said an attack could be launched within days, weeks or months.
"Everybody is predicting a widespread event, going from zero to 60 very quickly," said Dan Ingevaldson, an engineering director for Atlanta-based Internet Security Systems Inc. (ISSX). He estimated the likelihood of a major Internet attack as "closer to imminent than probable."
Depending on the hackers' designs, attack tools could be engineered to disrupt Internet traffic by clogging data pipelines, deleting important files or stealing sensitive documents. Experts cautioned that a particularly clever hacker could leave little trace of an attack.
Oliver Friedrichs, the senior manager for security response at Symantec Corp. (SYMC), predicted that widespread attacks won't occur soon because hackers still need to resolve important glitches in their own attack tools.
"It is a little early," Friedrichs said. "The exploit needs to be perfected. The effort applied to the exploit is certainly increased, but we're not sure if that's indicative of when we might see a widespread threat. People certainly need to be aware of this."
FBI spokesman Bill Murray said bureau investigators were studying several hacker tools designed so far and were highly concerned about a wide-scale Internet attack. "We implore the private sector--both business and home users--to visit the Microsoft Web site and install the patches and mitigations necessary to prevent this from creating a negative effect on the Internet as a whole," Murray said.
The Microsoft flaw affects Windows technology used to share data files across computer networks. It involves a category of vulnerabilities known as "buffer overflows," which can trick software into accepting dangerous commands. Four Polish researchers who call themselves the "Last Stage of Delirium Research Group" discovered the Windows problem and reported details to Microsoft.
"We know it's possible to write a worm for it. We don't know whether a worm will be written for it," said Steve Lipner, a senior Microsoft security executive. "It's certainly one [flaw] that we look at and say, 'Gee, we'd really like everybody to put that patch on.'"
Citing the flaw, Internet Security Systems previously raised its alert level to its second notch, reflecting "increased vigilance." The company operates an early warning network for the technology industry, the Information Technology Information Sharing and Analysis Center.