Scott's Weblog The weblog of an IT pro specializing in virtualization, networking, open source, and cloud computing

The Next Big Worm?

Everyone remember Blaster? There are concerns that the next big Internet worm is about to surface, based upon a vulnerability revealed by Microsoft in the Windows implementation of Server Message Block, or SMB. Get the details on that patch here.

Several articles have been posted recently indicating that traffic patterns have been observed that might indicate an exploit of that vulnerability. This article indicates that some experts believe the traffic patterns are indicative of a new exploit, but others are not concerned.

More recent than even that article is this posting, revealing that an exploit for MS05-011 has actually been discovered and made available on the Internet.

So is there anything you can do to protect yourself? Most firewalls (network-based and host-based) already block TCP port 445, the port used by SMB. If you know your organization allows SMB across the firewall, then you should be concerned. Make sure your systems are patched properly, and keep your anti-virus up to date. That’s about all you can do: just stay vigilant.

Be social and share this post!