
Blaster worm hits SA companies

By Georgina Guedes
Johannesburg, 15 Aug 2003

Three weeks after a patch was made available for the vulnerability in Microsoft's operating system, local corporates are scrambling to minimise the impact of the Blaster worm, which exploits that vulnerability.

The worm, also dubbed LoveSan or MSBlaster, exploits a vulnerability within unpatched Microsoft Windows NT, Windows 2000, Windows XP and Microsoft Windows Server 2003 operating systems.

Since the worm and its variants emerged on Monday, they have crashed systems and spread to hundreds of thousands of vulnerable computers around the world. They also affected the mail systems of several local banks and corporates this week.

Local infections

"Our e-mail systems were infected quite badly by the virus on Wednesday," says William Ramwell, media liaison at First National Bank. "We spent most of the day cleaning up, with some isolated terminals still being fixed on Thursday."

The bank was hit mainly at Bank City and its regional offices, with branch services and online banking remaining unaffected as these run on OS2 and a combination of Unix and Linux respectively.

"We have had 100% uptime this whole week," confirms Roland Le Seuer, head of FNB Internet Banking.

Ramwell says the bank will conduct a post-mortem to discover why the patch was not loaded comprehensively when it was made available, and to ensure this sort of incident does not happen again.

"We have had a couple of very isolated occurrences," says George de Beer, Absa's IT risk manager. "We loaded the patch and our anti-virus is dealing with it perfectly." The infections were indiscernible to users, he adds.

He says it took the bank "a number of hours" to load the patch, declining to say when it had started working on the problem. "It is up to date at the moment."

A spokesperson from Nedbank's technology and operations division confirms that despite the bank carrying out weekly updates, "minor problems" were experienced. "On some computers, the patch was not applied immediately, as there were potential application compatibility problems which had to be resolved prior to implementation," he says.

Standard Bank, which loaded the patch three weeks ago, has experienced one incident of the worm. "There has been one minor incident of this virus coming into our system," says Louis Lehmann, Standard Bank's group IT security director. "We are busy sorting it out and it is under control. All staff have been warned and there is an awareness."

SAA and Eskom are also reported to have experienced minor incidents of the worm. "Yes, we have been affected," says Sithembele Tshwete, media relations manager, Eskom. "We managed to patch the system within a day."

Why not patch?

Brett Myroff, CEO of Netxactics, explains why companies have left themselves open to attack. "The unfortunate trend is that people are a little bit lax when it comes to security on their network, and I feel that South African companies have become a bit complacent. Security has become a grudge purchase, as it proves to be very expensive for the company."

He says organisations must make sure they load patches and keep their systems up to date.

"Blaster is not very fast spreading, and it came via an open port in the firewall. So while e-mail systems and anti-virus software might be up to date, companies must ensure their security policies are totally comprehensive."
