net127: a scrapbook of words and images

August 13, 2003

Computer 'Worm' Widely Attacks Windows Versions

Kirk Semple, New York Times, reports:

A malicious computer program aimed at the most recent versions of the Microsoft Windows operating system rapidly spread around the world over the Internet yesterday, infecting tens of thousands of home computers and corporate networks.

Known by a variety of names — including W32.Blaster, MSBlast and W32/Lovsan — the viruslike program, called a worm, first appeared on Monday.

Even though the possibility of such an attack had been widely anticipated by computer security experts, the worm managed to take advantage of a vulnerability in a common component of Windows to invade numerous computer hard drives, where it was in position to impede operations and attack other computers.

malicious computer program aimed at the most recent versions of the Microsoft Windows operating system rapidly spread around the world over the Internet yesterday, infecting tens of thousands of home computers and corporate networks.

Known by a variety of names — including W32.Blaster, MSBlast and W32/Lovsan — the viruslike program, called a worm, first appeared on Monday.

Even though the possibility of such an attack had been widely anticipated by computer security experts, the worm managed to take advantage of a vulnerability in a common component of Windows to invade numerous computer hard drives, where it was in position to impede operations and attack other computers.

According to the SANS Institute, a computer security training firm based in Bethesda, Md., the worm also riddles the infected computer's registry with several computer strings, including the taunt, directed at Microsoft's chairman: "billy gates why do you make this possible Stop making money and fix your software!!"

On Saturday, experts said, the Blaster worm will attempt to shut down Microsoft's Windows Update Web site, where users are encouraged to go for the patch, by signaling infected computers around the world to swamp the site with bogus requests for service.

"It's like Mother's Day," Mr. Lindner said. "It's a big deal for everyone to call their mother on Mother's Day, but you get a busy signal because there are not enough telephone lines."

The worm also instructs infected computers to continue pelting the site.

Security experts said the only way to thwart the attack this weekend, and forestall future attacks, is for people with infected computers to remove the worm from their machines and download the patch. Cleansing tools and instructions are available at http://www.microsoft .com/security/incident/blast.asp, as well as at numerous Internet security and antivirus Web sites.

To prevent future Blaster infections, experts said, all computer owners using Microsoft Windows should update their antivirus software and download and install the Microsoft patch regardless of whether their machines are behaving erratically. Computer owners who regularly use the Windows update feature, either automatically or manually, or keep their antivirus software current, are probably already protected against the worm. More instructions and links are available at www.nytimes.com/technology.

Security officials also said that the worm might spawn other offspring over the next few days.

Mr. Toulouse of Microsoft said the cat-and-mouse game between software engineers and hackers would certainly not stop when Blaster is solved. "Security in and of itself is not going to be perfect," he said. "It's really a journey, not an endpoint."

Posted by glenn at August 13, 2003 09:57 AM | TrackBack
Comments
Post a comment