Web Worm Attacks Windows, Spreads Fast - Experts
Mon August 11, 2003 07:23 PM ET
SAN FRANCISCO (Reuters) - An Internet worm that takes advantage of a recently discovered, widespread security hole in Microsoft Corp.'s (MSFT.O) Windows software emerged around the United States on Monday, crashing systems and spreading to vulnerable computers, security experts said.
The worm, dubbed LoveSan, Blaster, or MSBlaster, exploits a vulnerability in the Distributed Component Object service that is hosted by a Remote Procedure Call feature in Windows 2000 and Windows XP.
Once it gets onto a vulnerable computer, the program downloads code from a previously infected machine that enables it to propagate itself. Then, it scans the Internet for other vulnerable machines and attacks them, said Johannes Ullrich, chief technology officer at the Internet Storm Center at the SANS Institute.
In some cases, the worm crashes the victim machine, but does not infect it, he said.
It is spreading rapidly and has infected several thousand machines, Ullrich said.
The worm also appears to instruct the computer to launch a distributed denial of service (DDOS) attack on August 16 against a Microsoft Web site, he added. In a DDOS attack, a Web site is temporarily paralyzed after receiving requests from numerous computers.
"It's dangerous from the perspective that it can consume a lot of bandwidth," said Russ Cooper of TruSecure Corp. "Every compromised machine is constantly attacking."
The worm contains code that includes a phrase: "Billy Gates why do you make this possible? Stop making money and fix your software," according to SANS.
Anti-virus provider Network Associates rated it a medium risk for consumers and corporate computer users, while rival Symantec Corp. rated it a high risk for distribution and a low risk for damage.
Security professionals have been expecting such a worm since last month.