WASHINGTON – Government and industry experts consider brewing hacker activity a precursor to a broad Internet attack that would target enormous numbers of computers left vulnerable by a flaw in Windows software from Microsoft Corp.
Experts described an unusual confluence of conditions that heighten prospects for a serious disruption soon. They cite the high numbers of potential victims and increasingly sophisticated attack tools already tested successfully by hackers in recent days.
An alert distributed Thursday among U.S. government agencies warned of "widespread scanning and exploitation" of victim computers by hackers who were developing "improved and automated exploit tools."
The Homeland Security Department cautioned Wednesday that it had detected an "Internet-wide increase in scanning" for victim computers. In an unusually ominous alert, it warned the threat could cause a "significant impact" on the Internet.
Experts advised computer users with renewed urgency to apply a free repairing patch that Microsoft has offered on its Web site since July 16, when it acknowledged that the flaw affected nearly all versions of its flagship Windows operating system software.
An attack could come "any day now," predicted Chris Wysopal of AtStake Inc., a security company in Cambridge, Mass. Another company, Qualys Inc., put the threat at the top of a newly released ranking of the Internet's most severe vulnerabilities.
Alan Paller of the SANS Institute in Bethesda, Md., said a disruption could be worse by orders of magnitude than previous high-profile attacks -- such as the summer 2001 outbreak of the "Code Red" virus -- because of the numbers of vulnerable systems.
Security companies guarding government and corporate networks have identified sporadic break-in attempts worldwide using such tools and have monitored hackers in discussion groups and chat rooms exchanging tips about how to improve the effectiveness of their programs.
Applying Microsoft's repairing patch takes a few moments for home users but is a more daunting challenge for large corporations with tens of thousands of Windows computers.
"People are definitely aggressively trying to patch this," said Ken Dunham, an analyst at iDefense Inc., an online security company. "But a large rollout may need to take some time."
Researchers' biggest fears -- that hackers will quickly unleash automated "worm" software that attacks large numbers of computers within minutes -- have so far been unrealized.
"Everybody is predicting a widespread event, going from zero to 60 very quickly," said Dan Ingevaldson, an engineering director for Atlanta-based Internet Security Systems Inc. He estimated the likelihood of a major Internet attack as "closer to imminent than probable."
Depending on the hackers' designs, attack tools could be engineered to disrupt Internet traffic by clogging data pipelines, delete important files or steal sensitive documents. Experts cautioned that a particularly clever hacker could leave little trace of an attack.
Oliver Friedrichs, the senior manager for security response at Symantec Corp., predicted that widespread attacks will not occur soon because hackers still need to resolve important glitches in their own attack tools.
"It is a little early," Friedrichs said. "The exploit needs to be perfected. The effort applied to the exploit is certainly increased, but we're not sure if that's indicative of when we might see a widespread threat. People certainly need to be aware of this."
FBI spokesman Bill Murray said bureau investigators were studying several hacker tools designed so far and were highly concerned about a wide-scale Internet attack. "We implore the private sector -- both business and home users -- to visit the Microsoft Web site and install the patches and mitigations necessary to prevent this from creating a negative effect on the Internet as a whole," Murray said.
The Microsoft flaw affects Windows technology used to share data files across computer networks. It involves a category of vulnerabilities known as "buffer overflows," which can trick software into accepting dangerous commands.