F-Secure achieved extensive mediavisibility this year It all started on August 12 with a press release:World's First RPC Worm foundExperts forecast large-scale infectionsF-Secure is issuing an international alert on a new network worm known as Lovsan or Msblast. This worm spreads to Windows servers and workstations as MSBLAST.EXE, using the well-known RPC hole. The worm will launch an attack against windowsupdate.com on the 16th of August."The IT security industry has been waiting in horror for a new major worm to appear since the RPC/DCOM hole was found on the 16th of July", says Mikko Hyppönen, Director of Anti-Virus Research at F-Secure. "Now it's here". As a follow-up of the case we sent a release on August 16:Lovsan worm attack succeeds and fails at the same timeThe Lovsan worm that has been spreading since Monday has now activated around the world.Windows 2000 and XP machines that get infected after this moment will try to launch a distributed denial-of-service attack against Microsoft's windowsupdate.com. Similarly, machines which were infected before midnight on 15th of August (local time) will start the attack the next time they are rebooted. This will continue until the end of the year 2003.Microsoft made drastic changes to their Internet set up on Friday, changing the operations of their main servers. As to windowsupdate.com, they just surrendered.As a result, the worm can't find a target address for the attack - and won't attack. The change was done so late that probably some affected machines still had cached IP address for windowsupdate.com and a limited amount of attack packets are going around the net - but not enough to cause disruption for the internet itself. We were all pleased that this case was over and went back to normal work until 3 days later the viruses struck again:Press release on August 19:Worst virus week continuesFour new major virus cases within 24 hours"This reminds me of fall 2001", comments Mikko Hyppönen, Director of Anti-Virus Research at F-Secure Corporation. "Year 2001 still stays in history as the worst virus year ever, but this is starting to get just as bad. Within one week weve seen several major virus outbreaks as well as some completely new techniques in viruses".The Lovsan (or Blaster) network worm started to spread on Monday, August 11, 2003 and the latest one, Lovsan.D, was discovered on August 19, 2003. Welchi (or Nachi) worm was discovered on August 18, 2003. Sobig.F worm is the fifth variant of the Sobig family and was discovered on August 19th. Dumaru worm was found on August 19th. It exploits the fuss caused by the Lovsan worm.The viruses just seemed to appear one after the other, using new techniques and ways of spreading. The damage they were causing seemed to pile up and the media started reporting global problems in the use of Internet. Airlines had problems with on-line booking systems, public transportation was stopped in Washington D.C. and viruses contributed to the electricity black out in the USA.F-Secure played an important role in fighting against the viruses and worked with CERT, FBI and Microsoft PSS Unit to take down the attack network of Sobig.F in August 2003.Media publicity was enormous, ranging from CNNs live TV interviews to the smallest local newspapers in remote areas. F-Secure was quoted in USA Today, Herald Tribune, The New York Times, Le Monde, Le Figaro, CHIP online, Aftonbladet, PC World.com and numerous others, totalling over 2000 media hits in August alone.F-Secure succeeded in excellent team work across the continents and once again proved its place as a forerunner in virus detection and communication.Author: Jaana Sirkiä, Communications Manager Begin | Back
Microsoft made drastic changes to their Internet set up on Friday, changing the operations of their main servers. As to windowsupdate.com, they just surrendered.
F-Secure played an important role in fighting against the viruses and worked with CERT, FBI and Microsoft PSS Unit to take down the attack network of Sobig.F in August 2003.