Blaster worm set for massive attack Saturday.
With the internet populace reeling after a malicious worm continues to infect thousands of PC?¢a??a?¢s worldwide, the situation is set to worsen as we can expect a massive denial of service attack sometime tomorrow. The virus commonly referred to as W32.Blaster first appeared on the Internet late Monday and has spread quickly, infecting machines running both Microsoft Windows XP and Windows 2003 Server operating systems. With the worm showing little signs of slowing, it makes this outbreak perhaps the most serious since the appearance of the SQL Slammer worm back in January.Recent statistics released by anti-virus firm, Network Associates, has estimated the amount of infected machines world-wide to be somewhere between 250,000 and 1,000,000 as of Thursday with thousands of new cases reported daily.
The real fear was that these infected machines would launch a massive denial of service attack against its Windows update site which is reportedly, already feeling the sting as millions of internet users scramble to download the patch that protects them against the MSBlast worm before attacks begin Saturday.
In response to this threat, Microsoft has since ?¢a???“killed off?¢a??? the Windowsupdate.com address with the changes having been made this Thursday. Because the worm is programmed to attack only that address and not the site that it redirects to, the software giant has decided to eliminate the Windowsupdate.com address. The move is one of a series of efforts that Microsoft has undertaken to try to thwart an attack on its servers that was expected to be launched by msblast infected computers.
The worm is programmed to start attacking Windowsupdate.com at 12 a.m PST Saturday.
The effects of the worm are being felt worldwide. In Holland a Dutch ISP, ?¢a???“UPC?¢a??? has threatened to block any connection affected by the worm, which could mean whole segments of Holland?¢a??a?¢s internet subscribers could be without access within 24 hours if they do not get their systems patched up. With Holland taking the threat so seriously it will be only a matter of time before other regions will be forced to follow suit.
So exactly how much of a threat is W32. Blaster? Perhaps the most troubling aspect of this worm is that as well as being self propagating, the worm installs a “back door” program on infected systems and reports back to an Internet relay chat server that the system has been compromised. A malicious hacker could use that information to identify a compromised system and then attempt to delete or access data stored on it.
Microsoft has advised its users to update their computers with the latest patches and turn on Auto update to simplify the process for installing future updates. Users are instructed to install and use antivirus software and to use a firewall.
Who Is Vulnerable?
W32.Blaster takes advantage of a known vulnerability in a Windows component called the DCOM (Distributed Component Object Model) interface, which handles messages sent using the RPC (Remote Procedure Call) protocol. RPC is a common protocol that software programs use to request services from other programs running on servers in a networked environment.
This exploit is specific to users of the following operating systems:
?¢a???¢ Microsoft???? Windows NT???? 4.0
?¢a???¢ Microsoft Windows???? 2000
?¢a???¢ Microsoft Windows XP
?¢a???¢ Microsoft Windows Server?¢a€??¢ 2003
View : What you should know about Blaster
Download : Scanning Tool to Indentify Vulnerable Systems
Download : MS03-026 Patch for Windows 2000| WinXP| Windows server 2003
news source : Neowin
页:
[1]