Hackers Moving Faster To Exploit Vulnerabilities

While the creator of the Sasser worm has been apprehended, the lessons learned from the latest cybersecurity attack demonstrate that there's a new security issue looming: Hackers bent on creating mischief are moving more quickly to exploit vulnerabilities in Microsoft code.

"Sasser was pretty fast," David Cottingham of AT&T said Monday in an interview. "Microsoft announced [the vulnerability] on April 13." Two weeks later the worm was wending its way around the Internet. "It's getting shorter all the time," he said. "In the past, viruses and worms sometimes took months to develop."

Cottingham, director of AT&T Managed Security Services, said the problem is that many IT managers are too slow to install patches to Microsoft's vulnerabilities. They need time to evaluate all the vulnerabilities, which are proliferating. "Companies don't want to be doing patches all the time," he said. "It's a tough job for security administrators to keep track of everything."

Microsoft's next round of monthly vulnerability announcements is scheduled for Tuesday, and Cottingham urges IT managers and security officers to move quickly to install patches to ensure they're protected. He noted that users who had installed the patch for "MS 04-011"--the vulnerability exploited by the Sasser writer--were protected from all four known variants of Sasser. The worm exploited a weakness in Microsoft Windows Local Security Authority Subsystem Service.

Sasser has a deadly feature--it spreads from server to server and is not activated by E-mail. "There's no user intervention," he said. "That makes it more dangerous."

Microsoft is scheduled to introduce an XP feature later this year that would install security patches automatically.

Cottingham warned that Sasser is likely to pop up among unsuspecting users for at least a year.