Beware of the "Web Worm"...

[Gary04GT]

Web Worm Attacks Windows, Spreads Fast -- Experts
Tue August 12, 2003 10:27 AM ET
By Elinor Mills Abreu and Bernhard Warner

SAN FRANCISCO/LONDON (Reuters) - An Internet worm targeting Microsoft Corp Windows users was spreading rapidly around the world on Tuesday, triggering computer crashes and slowing Web connections, experts said.

The worm, dubbed Blaster but also known as LoveSan or MSBlaster, carried a message for the Microsoft chairman: "Billy Gates why do you make this possible? Stop making money and fix your software!!"

Blaster, which zeroes in on Windows 2000 or Windows XP operating software, has been timed to attack a Microsoft security Web site distributing the patch needed to stop the worm in its tracks before it hits millions of users.

The worm specifically targets the latest versions of the Windows software and experts predict home users will be the worst affected. The vast majority of the world's computers are equipped with one form or other of Windows software.

"I anticipate that Blaster will have its biggest impact on the home user community as they are more laid back about keeping their anti-virus and patches up-to-date and may have insufficient firewalls in place," said Graham Cluley, a technology consultant at British-based Sophos Anti Virus.

Blaster is fairly unusual in that it does not spread specifically via e-mail as it can travel through a normal Internet connection.

Security experts advised computer users to visit http://www.microsoft.com/security/se...ins/ms03-026.a sp to download the patch. The author has programmed the w http://www.microsoft.com/security/se...ins/ms03-026.a sp to download the patch. The author has programmed the worm to knock the site offline on August 16, the experts said.

BLOCKING THE WORM'S PATH

A host of European and Asian anti-virus firms reported corporations had contacted them to say they had been infected as their systems went online on Tuesday.

Following a quick patch job, many corporate systems were back up and running without a hitch. But as the greatest damage was expected to be in the home market, the actual toll of Blaster might be difficult to determine, the experts said.

In South Korea, one of the world's most wired nations, Blaster was having limited impact, officials said, as technicians took steps to block vital Internet ports that prevented the worm's widespread movement.

Once Blaster infects a computer, it scans the Internet for other vulnerable machines to attack.

In some cases the worm causes the computer to crash, but does not infect it, said Johannes Ullrich, chief technology officer at the Internet Storm Center at the SANS Institute in the United States.

"It's dangerous from the perspective that it can consume a lot of bandwidth," said Russ Cooper of TruSecure Corp. "Every compromised machine is constantly attacking."

In January, a worm dubbed "Slammer" that exploited a hole in Microsoft SQL database software brought automatic teller machines in the United States to a standstill, paralyzed corporate networks worldwide and nearly shut down Web access to South Korea.