 |
 New worm exploits Windows flaw
August 12, 2003
An Internet worm that takes advantage of what some security experts have called the most widespread Windows flaw ever spreads rapidly across the Internet.
The worm, dubbed LoveSan, Blaster, or MSBlaster, exploits a flaw in the Distributed Component Object service that is hosted by a Remote Procedure Call (RPC) feature in Windows 2000 and Windows XP that lets computers share files, among other activities.
Once it gets onto a vulnerable computer, the worm downloads code from a previously infected machine that enables it to propagate itself. Then, it scans the Internet for other vulnerable computers and attacks them.
Infected computers were programmed to automatically launch "denial-of service" attack on a Web site operated by Microsoft on Saturday. The site, windowsupdate.com, is used to deliver repairing software patches to Microsoft customers to prevent against these types of infections. The denial-of-service attack is programmed to continue until the end of the month and restart again every month on the 16th.
The worm contains two messages in its code. One is addressed to Microsoft founder Bill Gates: "billy gates why do you make this possible?" it says. "Stop making money and fix your software!!" The other message is a "greet"--an underground programmer greeting--to another person, which could be a lead for any law enforcement agencies that pursue the worm's author.
In its attack technique, the worm is similar to "Code Red," which took the Internet by storm in the summer of 2001 and instructed compromised machines to attack the White House Web site simultaneously.
Microsoft had acknowledged the software flaw July 16 and issued a patch for customers to download from the company's Web site.
The U.S. government issued a warning about the security flaw, and then released another advisory warning after thousands of machines began scanning the Internet looking for vulnerable computers. After that, experts said it was only a matter of time before a worm would appear.
Microsoft Windows users can update their operating systems through the company's Windows Update service. More information about the flaw and workarounds are available in the advisory posted here.
|
|
