MS05-039

Current estimates are way too optimistic.

It was Microsoft's thirty ninth security bulletin of the year. (It's been a slow year.) A vulnerability was reported to Microsoft and they supposedly resolved it. [The astute reader will remember the Redmond hype a few years back about automated programs that comb their source trees for holes. Ed.]

It was a remote execution vulnerability in Microsoft's genial Plug and Play (aka 'Plug and Pray'). It allowed an attacker to take complete control of an infected Microsoft system. The attacker could then install programs, modify and/or delete data, and even create new system accounts with full user rights.

Soon 250,000 machines world wide were affected. What was dramatic was not the number but the speed. It took hacker gangs a matter of hours to start a zombie war to control the computers. The Financial Times of London claim twelve gangs are currently in the melee.

Several high profile multinationals were hit hard: CNN, the Financial Times, Boeing, the Associated Press, the New York Times, ABC News, General Electric, Caterpillar, and Disneyland.

Disneyland's 2,000 computers - and their cash registers, their cast deployment system, their employee management system, and their Fast Pass dispensers - all were knocked out. Everyone's park ticket had to be scanned manually, and when the systems came back online they still wouldn't work because some admissions had not entered the broken system. Employees didn't know where to go to work because that system was out too.

ABC News producers used electric typewriters to prepare their 'World News Tonight' broadcast, according to their spokesman Jeffrey Schneider.

Twelve thousand (12,000) computers were knocked offline in San Diego county CA.

There are at time of writing 1,080 [sic] links to this story at Google UK. Clearly current estimates as to the number of fools on the planet are way too optimistic.

Windows 2000 bug starts virus war
http://news.bbc.co.uk/2/hi/technology/4162124.stm

Worm War II
http://theregister.co.uk/2005/08/18/pnp_worm_wars/

Is latest can of worms a cyber-crime turf war?
http://silicon.com/0,39024729,39151483,00.htm

Security experts offer calm in the Windows Plug-and-Play storm
http://www.ameinfo.com/66027.html

Disneyland brought low by Windows worms
http://boingboing.net/2005/08/18/disneyland_brought_l.html

Worm rooted out of county government computers
http://signonsandiego.com/news/metro/20050818-9999-7m18worm.html

For Worm Writers, Speed Thrills
http://businessweek.com/technology/content/aug2005/tc20050818_0865_tc119.htm

Turf war erupts as hackers send viruses to hijack PCs
http://guardian.co.uk/business/story/0,3604,1551142,00.html

New computer worms attack over 100 US companies
http://english.people.com.cn/200508/18/eng20050818_203207.html

Competing 'worms' hit US news providers
http://news.independent.co.uk/world/americas/article306584.ece

Windows Worm Goes Global
http://internetnews.com/security/article.php/3528101

Major news organisations hit by fast spreading virus
http://computerweekly.com/Articles/2005/08/17
/211377/Majornewsorganisationshitbyfastspreadingvirus.htm

Variants of spreading Windows worm emerge
http://businessweek.com/ap/financialnews/D8C1KABG1.htm

Plug and Play pandemonium
http://theregister.co.uk/2005/08/17/plug_and_play_worm_pandemonium/

Windows worm causes red faces
http://blogs.guardian.co.uk/online/archives
/2005/08/17/windows_worm_causes_red_faces.html

Worm Burrows Into Network Flaw
http://www.cbsnews.com/stories/2005/08/17/tech/main781643.shtml

CNN, FT Computers Attacked by Microsoft Windows Worm
http://www.bloomberg.com/apps/news?pid=10000103&sid=aPrKdHO1jQOI

FT briefing: The Zotob and Esbot worms
http://news.ft.com/cms/s/112bcc04-0f0d-11da-8b31-00000e2511c8.html

250 000 PCs down
http://www.macworld.co.uk/news/?NewsID=12380

Windows worm hits global systems
http://www.macworld.co.uk/news/?NewsID=12363

Windows worm beginning to spread
http://macworld.com/news/2005/08/17/worm/