http://www.washingtonpost.com/wp-dyn/articles/A5774-2003Aug17.html By Helen Jung The Associated Press Sunday, August 17, 2003 SEATTLE - The second wave of an Internet attack by the "blaster" worm barely caused a ripple Saturday. Microsoft Corp. said it had no major problems from the worm's attempt to turn thousands of infected computers into instruments targeting the software company's Web site and network. The Redmond-based company had not noticed any extraordinary network congestion, spokesman Sean Sundwall said. There were also no reports of customers having major problems accessing the targeted Web site, which houses a software patch that fixes the flaw exploited by the worm. "So far we have seen no impact on our Web sites or any other Web sites due to the 'blaster' worm," Sundwall said. Still, he urged people to take precautions to protect their computers. The virus-like infection, also dubbed "LovSan" or "MSBlast," exploits a flaw in most current versions of Microsoft's Windows operating system for personal computers, laptops and server computers. Although Microsoft posted a software patch to fix the flaw July 16, many users failed to download it, leaving them vulnerable. As of Saturday afternoon, the worm had infected more than 423,000 computers around the world since Monday, according to security firm Symantec Corp. Of those, about 50,000 were affected on Saturday, said Mike Bradsaw, a Symantec spokesman. The infection caused computers to reboot frequently or disrupted users' browsing on the Internet. But it also packed a second punch. Computer experts said starting at 12:01 a.m. local time Saturday, infected computers that have not cleaned up the virus would in effect turn into a legion of zombies instructed to repeatedly call up a Microsoft Web site that houses the software patch. If enough traffic flooded the network, the site could be rendered unreachable and computer users would be unable to access the patch. But the exploiters of the Microsoft flaw made a mistake themselves. The worm instructed computers to call up http://windowsupdate.com - which is an incorrect address for reaching the actual Microsoft Web site that houses the software patch. Although Microsoft has long redirected those who visited that incorrect address to the real site - http://windowsupdate.microsoft.com - the company disabled the automatic redirection Thursday in preparation for the onslaught of infected computers. That has helped Microsoft's real Web site stay accessible to users, Sundwall said. The company was taking other measures to keep its site up and running, he said. He declined to give specifics. Vincent Weafer, senior director of security response for Symantec, warned that Microsoft's network and others across the country could see a slowdown in Internet traffic simply from the volume of activity the worm is expected to generate from its legion of infected computers. But that slowdown didn't happen, Weafer said Saturday. The rate of new infections has slowed in recent days, he said, though computer users who still have not downloaded the patch need to do so. He said the company expects new infections to continue for as long as two years. The worm left behind a love note on vulnerable computers: "I just want to say LOVE YOU SAN!" It also carried a hidden message to taunt Microsoft's chairman: "billy gates why do you make this possible? Stop making money and fix your software!" On the Net: http://windowsupdate.microsoft.com - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Aug 18 2003 - 01:05:27 PDT