Blaster
Blaster

Blaster worm starts European campaign

Lovesan/Blaster on the move following US infections

Iain Thomson

The long-predicted worm which uses a flaw present in all Microsoft operating systems has already spread to Europe.

The Blaster worm, also know as Lovesan, MSBlaster or Poza, attacks via a flaw for which a patch has been available since 16 July.

Advertisement

And, after 15 August, infected computers will be used to launch a denial of service attack against windowsupdate.com, where the patch for the vulnerability can be found.

Infections have already spread in the US and cases started appearing in Europe as the working day started.

"The lion's share of infections are in the US. Now people are waking up we've got infections popping up all over Europe," said David Emm from Network Associates Avert labs.

"We're keeping an eye on it but at present it doesn't look like it's going to be as much of a problem as Slammer. Administrators must still patch their systems as a matter of urgency."

The worm is spread automatically by sending itself via TCP port 135 to random IP addresses, generating large amounts of network traffic.

Once it finds and infects a system it copies itself onto the registry and sets up a shell using TCP port 4444, which downloads a program, msblast.exe, before sending itself out again.

The worm code also contains a message for Microsoft chairman Bill Gates, hidden in the code: "I just want to say LOVE YOU SAN!! billy gates why do you make this possible? Stop making money and fix your software!!"

The worm is particularly worrying since it can be used against both servers and client PCs.

"This puts the future of Windows at threat," said Gary Jones, services manager at MIS Corporate Defence Solutions.

"People underestimate how vicious this exploit code is. A single line of code gives the hacker system-level privileges.

"If someone writes an email worm this is going to spread like wildfire; it affects clients and servers and runs on 90 per cent of the world's PCs."

The critical flaw is in Microsoft's Distributed Component Object Model Remote Procedure Call (RPC) interface.

The vulnerability involves the RPC protocol, which deals with inter-computer communications. Microsoft warned that, under certain circumstances, the RPC might not properly check messages sent to the PC.

The patch is available here, and the major antivirus web sites also have free removal utilities available.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Further reading

New PCs risk Blaster infection

Unpatched versions of XP and 2000 still sitting on high street shelves

Virus

Viruses 'a blessing in disguise'

Tell that to the IT managers ...

Business giants Blasted by virus

Canon and Sainsbury's forced to shut down systems as worm strikes

Mistake foils Blaster Denial of Service

Worm writer's basic error sends DoS attacks to wrong address

Related whitepapers

Related jobs

Most watched

Summit: Views From the Valley

V3.co.uk's US office weighs in on the information overload crisis

John Chambers speaks on collaboration

Cisco boss talks up new offerings

Analysis and Reports

Remote access - Three steps to getting connected

3.4 million UK professionals now work from home – is your company equipped?

Cost benefits of a global collaboration network

This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications

Poll

Impact of Information Overload poll

Impact of Information Overload poll

What is the biggest problem your firm faces as a result of the data explosion?

View poll results

Advertisement

White paper library

Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Advertisement

Spotlight

Summit video: Intel discusses processors designed for data overload (part one of two)

Intel explains how its Xeon processors can handle data-intensive apps

fujitsu logo

Unite calls off Fujitsu strike

Talks between the two sides will extend into the new...

Richard Thomas

Summit: Q&A Richard Thomas, former Information Commissioner

Thomas speaks out on government databases and data privacy

Symantec office

Summit: Symantec makes the case for smarter storage

Company talks up unified approach

Primary Navigation