Experts anxious over possible Web attack
By Jeordan Legon and Marsha Walton
(CNN) -- Seeing a rise in hacker activity that could be a prelude to a broad Internet attack, security experts Thursday urged computer users to protect their machines by installing a free patch offered by Microsoft.
The Homeland Security Department warned it has detected an increase in hackers scanning the Internet to find vulnerable computers.
"That's a sure sign the intruder community is actively interested in finding out who they can exploit," said Jeffrey Havrilla, an Internet security analyst at the government's CERT Coordination Center, which monitors computer security.
The vulnerability affects almost all computers running Microsoft's Windows operating system software. The flaw, involving so-called "buffer overflows," can fool software into accepting insecure commands that could let intruders steal data, delete files or eavesdrop on e-mails.
Experts worry that home computer users and corporations might delay installing the needed patch and as a result leave their computers open to attack.
"They can take complete control of a machine. They can take it down. They can reformat the hard drive. They can scan for information," said Dan Ingevaldson, engineering director at Internet Security Systems in Atlanta.
New tools tested
Government experts said hackers have tested new tools in recent days to seize unsecured computers.
Internet security firms issued similar warnings, saying they've seen increased chatter in hacker discussion groups and chat rooms about how to take advantage of Windows' vulnerability.
"We are expecting something sooner rather than later," Ingevaldson said. "But there's no horizon on some of these things."
Uncertain about attack
Security watchdogs said there is no way of knowing if or when an attack might take place. They urged users not to gamble and install the patch quickly.
The latest versions of Windows XP prompt users to do this automatically, but those with older versions should visit www.windowsupdate.com to get the download.