Canon and Sainsbury's forced to shut down systems as worm strikes
vnunet.com, 21 Aug 2003
Retail giant Sainsbury's and office equipment maker Canon have fallen victim to a virus resulting in the closure of some systems on Tuesday.
A Sainsbury's spokeswoman confirmed that an unnamed virus, believed to be Blaster, infected the company's IT network on Monday night.
Non-essential systems were shut down and the infection was cleared up by Tuesday afternoon. The company claims that no customers were affected.
Meanwhile Canon lost its email systems and internal network for a short time. Blaster generates large amounts of network traffic as it spams IP addresses with copies of itself.
According to data collected by Network Associates' Hackerwatch.org, at least 1.2 million unique source IP addresses have been infected since Blaster was released last week.
The worm, also know as Lovesan, MSBlaster or Poza, attacks via a flaw in Microsoft operating systems for which a patch has been available since 16 July.
Blaster is spread automatically by sending itself via TCP port 135 to random IP addresses, generating large amounts of network traffic.
Once it finds and infects a system it copies itself onto the registry and sets up a shell using TCP port 4444, which downloads a program, msblast.exe, before sending itself out again.
Antivirus firms report unprecedented spike in infections during August as new worms flood email systems
Modification of Chinese code could mean 10 years in chokey for US hacker
Four new threats expose failure to apply simple patches to vulnerable systems
Trojan payload for new worm identified by antivirus experts
First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1
Google's announcement this week that it plans to step into...
Do you agree?
Have your say on this article