Blaster Worm Exploits Microsoft Security Hole And Launches Attack On Update Website, Warns Sophos
Sophos is warning computer users of a new worm spreading across the internet, which exploits a critical vulnerability in versions of Microsoft Windows. The W32/Blaster-A worm (also known as Lovsan, MSBlaster or Poza) – which has been infecting users across the world – also contains a mocking message for Microsoft’s chairman Bill Gates, and attempts to launch a denial of service attack on a website run by Microsoft for the purpose of distributing important security patches.
“Blaster attempts to knock Microsoft’s windowsupdate.com website off the internet,” said Graham Cluley, senior technology consultant for Sophos Anti-Virus. “By attempting a denial of service attack on this website, the virus author is deliberately trying to make it difficult for computer users to download the patch they need to secure their copies of Windows against the worm. It’s an extremely devious trick by Blaster’s author.”
The worm contains a message for Microsoft’s Bill Gates, which does not get displayed:
I just want to say LOVE YOU SAN!! billy gates why do you make this possible ? Stop making money and fix your software!!
The Blaster worm does not spread via email, but does distribute itself via the internet looking for vulnerable computers that have not been patched against a security hole first reported by Microsoft in mid-July.
“Businesses should note that Blaster doesn’t spread by email – so internet email scanning services will not be able to detect this worm, and an absence of reports at your email gateway does not mean you can rest on your laurels,” continued Cluley. “Companies should deploy the patch from Microsoft, ensure their firewalls are set up correctly and update the anti-virus protection on their desktop and servers.”
Sophos advises users of Apple Macintosh and Unix computers are not affected by the Microsoft security vulnerability, and are not at threat from the worm.
More information regarding the Blaster worm can be found at: http://www.sophos.com/virusinfo/analyses/w32blastera.html
More information regarding the critical vulnerability in Microsoft Windows can be found at:
http://www.microsoft.com/security/security_bulletins/ms03-026.asp