Next Stage of Blaster Worm to Threaten Service Availability
Captus Provides TLIDSâ„? Policy Templates to Prevent Breach
woodland, Calif., August 15, 2003 – For companies that fell victim to or survived the latest worm (W32/Blaster-A) attacks earlier this week–especially those concerned about the predicted Denial of Service (DoS) attack targeted at the Microsoft Update server this Saturday –Captus Networks, provider of the Captusâ„? IPS 4000 series of intrusion prevention network solutions, offers aid to immediately stop the effects of this worm. Captus Networks has provided a policy template to their customers to protect against this threat.
The Blaster worm exploits vulnerabilities found in Microsoft NT 4.0, 2000, XP, and 2003 operating systems. Unlike typical viruses, computers can be infected without opening or running the infected file. If undiagnosed and untreated, hackers could use infected computers as “zombies” or unwilling participant machines in future network attacks.
Contrary to a few recent industry articles that have suggested that DoS attacks cause little or no damage to affected systems, network resources can be significantly impaired during an attack. According to the CERT Coordination Center, an intruder may be able to consume all available bandwidth on a network by generating a large number of packets directed to the network. Additionally, some hackers embed scripts that allow for the remote use of computer processing systems.
For companies that have not yet deployed an intrusion prevention solution, the following steps should be taken immediately to diagnose and treat infected systems:
§ Follow the steps to identify and remove infected files on the CERT Coordination Center site at http://www.cert.org/tech_tips/w32_blaster.html
§ Download the appropriate patch for your computer on the Microsoft OS update page at http://v4.windowsupdate.microsoft.com/en/default.asp
§ Download the latest updates available for your computer’s operating system, software, and hardware listed in Microsoft’s “Critical Updates and Service Packs” at http://v4.windowsupdate.microsoft.com/en/default.asp
§ Evaluate intrusion prevention solutions that dynamically mitigate the effects of worm/virus threats (Captus provides information about intrusion prevention http://www.captusnetworks.com/solutions/pna_idp.html and information about DoS mitigation at http://www.captusnetworks.com/solutions/pna_ddosm.html
About Captus Networks
Captus Networks Corp. provides comprehensive intrusion prevention security solutions for enterprises, ISP’s, government agencies and universities that need to ensure predictable network availability while minimizing operating costs. The company’s unique business-driven, policy-based security approach automatically preempts all types of unwanted network behavior. Captus is privately held and headquartered in Woodland, Calif. For more information visit www.captusnetworks.com or call (877) 9-CAPTUS.