Microsoft blamed for global worm attacks

Over a third of business users blame Microsoft for the recent rash of worm infections, a survey claimed this month.

  • E-Mail
By  Peter Branton Published  August 28, 2005

Over a third of business users blame Microsoft for the recent rash of worm infections, a survey claimed this month. A web poll conducted by security firm Sophos found that 35% of respondents felt the software giant was to blame for the recent worm attacks, which exploit a newly discovered vulnerability in the Windows 2000 operating system. Variants of the Zoteb worm spread within days of the vulnerability being announced earlier this month, as part of Microsoft’s regular monthly patch update. Networks were hit at several large corporations, including General Electric, United Parcel Services and Daimler Chrysler, where production was temporarily halted at 13 of its plants. Several large news organisations were also hit, including the operations of CNN, the New York Times and the Financial Times. At least 19 separate worms, which all take advantage of the same flaw, a plug and play feature in Windows 2000, have been detected to date. According to the Sophos poll, which received more than 1,000 responses, 35% of business PC users blame Microsoft for the attacks, while 20% blame systems administrators for not patching systems quickly enough. Unsurprisingly, nearly half, 45%, of respondents said that the virus writers do need to take the blame. “The majority of users believe that the virus writer has to take the ultimate blame for deliberately creating and unleashing this worm to wreak havoc on poorly protected businesses,” said Graham Cluley, senior technology consultant at Sophos. “But what is most surprising is that so many people blame Microsoft for having the software flaw in the first place. Users’ anger is perhaps understandable as Microsoft’s security problems and their consequences are felt by businesses the world over,” he said. “Many respondents appear to be incredibly frustrated by the constant need to roll-out emergency patches across their organisations,” Cluley added. While Microsoft has repeatedly stressed in the past year or so that it is more serious than in the past about security for its software – and has launched a number of initiatives to reduce vulnerabilities in its products – Sophos said this latest outbreak will dent confidence in its recently announ-ced plans to provide security services of its own. “Microsoft is stuck between a rock and a hard place when it comes to vulnerabilities,” continued Cluley. “When it goes public about its security holes, a virus can be written to exploit them and many businesses may not have rolled out the patch. If it kept quiet, someone could still write a virus and everyone would ask why Microsoft hadn’t warned anyone of the vulnerability. “In either case these flaws are going to be an ongoing problem as Microsoft tries to convince people it’s a serious player in the security market,” he commented. Microsoft Middle East was unavailable for comment. Impact of the viruses in the Middle East appear to be minimal, with Justin Doo, managing director of Trend Micro MEA, pointing out that the timing of the attacks proved beneficial to the region’s users. “By the time many users had actually turned on their systems here, the automatic update services had had a chance to get to work,” he said.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code