 Microsoft's Site: Under Attack on Sat.?
|
Aug. 13, 2003 — The worst computer attack this year rocked businesses, government agencies and home users around the world on Wednesday, mocking Microsoft's billionaire founder Bill Gates and his Windows software.
Hundreds of thousands of computers had already crashed in North America, Asia and Europe, and the pace was accelerating as the worm replicated via the Internet, an expert said.
And he warned that the worm contained a "time bomb," set to detonate on Saturday, which could overwhelm a Microsoft Web site where victims can download a software fix to seal the loophole exploited by the cyberworm.
|
 
 |
|||||||
The worm, called Blaster, but also using the names Lovsan and MSBLAST, started to crash computers on Tuesday.
Big-name victims included the U.S. Federal Reserve Bank in Atlanta, which shut down its computer systems on Tuesday after it was infected, although there was no disruption to the U.S. financial system.
Another was the Maryland Motor Vehicle Administration (MMVA). "The virus affects the whole system. We closed at noon," an MMVA official told AFP.
In the Asia-Pacific region, computers were paralyzed at government offices in Hong Kong on Wednesday and local companies also reported problems.
In China, the Beijing Evening News reported that "several tens of thousands of computers" had been infected, many of them owned by individuals and small businesses, while 2,000 intranet systems had collapsed.
In Japan, virus fighter Trend Micro said it had received nearly 250 infection reports in little more than 24 hours, but this was "just the tip of the iceberg."
"We have not seen a virus spread so quickly in one day," corporate spokesman Miyuki Akiyama said.
In Europe, Spanish anti-virus firm Panda Software said it had detected the virus in four percent of computers it had checked.
Symantec Security Response, a U.S. anti-virus specialist, on Tuesday upgraded its alert to grade four, from grade three; Trend Micro in Asia on Wednesday placed it on level five, its highest alert status; and the Spanish government's Rapid Alert Center on viral attacks rated it four on a level of five and branded it a "high danger."
Blaster exploits a software bug in most of Microsoft's Windows systems, with Windows 2000, Windows XP, Windows NT and Windows Server 2003 being the most vulnerable.
It works by sending irregular network packets of data to vulnerable computers that are connected to the Internet via two standard network protocols called TCP and UDP.
The data flow causes a "buffer overrun" error to occur, which causes the system's normal security controls to be bypassed and then allows remote commands to be carried out.
Once a vulnerable machine has been located, Blaster downloads a full executable copy of itself (msblaster.exe), which it then starts running, as well as software to pass more copies of itself to other hosts.
The worm causes the computer to crash but does not appear to erase files or create major damage other than duplicating itself to email addresses in the computer's address book.
But it carries a taunting message to Microsoft's founder and chairman: "billy gates why do you make this possible? Stop making money and fix your software!!"
Graham Cluley, senior technology consultant at British anti-virus firm Sophos plc, told AFP that hundreds of thousands of computers had already been infected, although it was "very very hard" to get a true figure.
Microsoft revealed the software glitch on July 16 and also released a software "patch" that users can download from a Web site (see bottom of story for URL).
Cluley said that large corporations, with the staff and resources to update their software, had "generally have been alerted" to Blaster and many had already put the patch in place. But small users were very vulnerable, as they were often unaware of any danger and frequently failed to update their virus defenses, he said.
He added that the virus had a "time bomb," which would engage on Saturday when it would send a flood of bogus traffic to the Microsoft update service.
"If too many people are still infected by this thing on Aug. 16, there's a potential that they could seriously disrupt that website and of course make it more difficult to get the patch. Home users really have to get the patch now," he said.
< news main
