Microsoft’s Own Machines Vulnerable To ‘Sapphire’ Worm
Company Didn’t Use Own Security Patches
POSTED: 10:09 a.m. EST January 28, 2003
The computer worm that infected computer servers running Microsoft software hit the software giant’s own machines because the company failed to install its patches on its own computers.
A spokesman said the viruslike worm, known as “Slammer” or “Sapphire,” slowed some Microsoft computers but caused no major problems.
Security experts said it shows that Microsoft’s approach to fixing software is inherently flawed.
But spokesman Rick Miller says it only demonstrates that Microsoft’s Trustworthy Computing campaign is just beginning.
The computer attack slowed computers across the world over the weekend, and knocked some ATMs offline for a time.
Meanwhile, experts said that whatever damage was done seems to be over now. Security experts were looking closely at the start of business Monday to see if machines that had been idle over the weekend might help spread the worm further when they were fired up first thing Monday morning.
The new attacks were nowhere near as intense as those on Saturday. Analysts were still trying to determine how the worm did so much damage.
Meanwhile, investigators were running into a dead end when it comes to tracing the origin of the problem.
At first, it was thought that the worm originated in Hong Kong. A U.S. Internet executive said disruptions first appeared in Hong Kong before spreading to other Pacific Rim nations, then into the United States and Europe.
But another computer expert said that while the worm could have been timed for release in the Pacific, that doesn’t mean it was launched from Hong Kong.
In fact, a government-funded computer expert team in Hong Kong said that while it’s investigating the source of the worm, it would be hard to pin down the exact origin of the computer attack.
http://www.thekcrachannel.com/technology/1940013/detail.html