Major Computer Attack Coming?
Aug. 11, 2006 -- The Department of Homeland Security released a statement Wednesday advising Windows PC owners across the nation to update their computers or face a potential attack from hackers.
"The Department of Homeland Security is recommending that Windows Operating Systems users apply Microsoft security patch MS06-040 as quickly as possible," the statement read. "This security patch is designed to protect against a vulnerability that, if exploited, could enable an attacker to remotely take control of an affected system."
Mike Murray, director of vulnerability research at the security firm nCircle, said the fact that DHS made this urgent plea is evidence that the threat is real.
"They realize that of all the vulnerabilities that have come out in the last year or two, this is definitely the most severe and the most likely to be attacked," he said.
Who's at Risk and What Can You Do?
DHS made the announcement because the worm expected to be unleashed as a result of this vulnerability has the potential to shut down entire networks and require IT teams to scrub hundreds of thousands of PCs.
Syamntec, one of the nation's leading antivirus companies, said that Microsoft identified 12 security flaws in all. They say this threat is not only real but potentially very dangerous.
Though there's no way to be sure, Murray fears that attacks could shut down entire networks and could come in a few days or possibly even in the coming hours.
"If you don't have a good firewall on that computer and you're not protecting yourself, and if you haven't run your Windows update that popped up on your computer the other day, then absolutely, they can take over your computer at will," he said.
Murray said that once hackers are inside, they can use the computer any way they want.
"It all depends on which particular breed of bad guy decided to take over that day," he explained. "If they wanted to sit there and watch you type in your credit card number, they could. If they wanted to use your computer to send spam they could. If they just wanted to crash your computer they could."
Every month, he said, Microsoft receives reports about vulnerabilities in their software. But that doesn't mean that the Redmond, Wash., software giant is to blame.
"To maintain an operating system of the size and complexity of Microsoft Windows is impossible to do perfectly," Murray said. "While it's easy to bash Microsoft, if you look at Apple or you look at Firefox, all these big products have vulnerabilities in them, just because it's so hard to write that much code and be perfect."