[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Tuesday, 12 August, 2003, 09:49 GMT 10:49 UK
Worm blasts across the web
Computer keyboard, AP
Many versions of Windows are at risk from MSBlast
A Windows worm dubbed MSBlast is quickly spreading across the net and swamping net connections as it looks for more vulnerable machines to infect.

On infected machines the malicious program also launches an attack against the Microsoft site that holds a software patch that keeps the worm out.

Security firms say the design of the worm is hampering its spread but warn that tens of thousands of computers could fall victim to it.

The vulnerability exploited by the worm has been known about for almost a month and net security organisations have been warning that it would soon be exploited.

Damage control

MSBlast is known as a worm because it can spread across the net by itself.

Once installed on a machine MSBlast, also called Lovsan, starts scanning for other vulnerable machines and this can swamp local net connections.

Microsoft Windows NT 4.0
Microsoft Windows NT 4.0 Terminal Services Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Network Associates said that many home broadband users were reporting heavy traffic on their net connection as a result of being infected by the worm.

Security firm Symantec said that it had already found MSBlast on more than 57,000 machines.

The worm is likely to find a lot of hosts on the net as it exploits a vulnerability found in many different versions of Microsoft Windows.

The vulnerability exists in the way that Windows shares files across networks. The carefully crafted code of the worm swamps a memory buffer which forces a machine to carry out instructions hidden in the tail of the file.

As well as scanning for more machines to infect, MSBlast is also preparing to launch an attack on 16 August on Microsoft's Windows Update website where many people go to get software patches that close software vulnerabilities.

Keep anti-virus software up to date
Use a firewall on broadband connections
Apply patches to close vulnerabilities
Apply cleaning programs to infected machines
The vulnerability exploited by MSBlast was first discovered on 16 July and since then security firms, governments and alert services have been warning people that an attack was imminent.

Warnings grew more shrill as security firms reported that malicious hackers were starting to seek out machines that suffered the vulnerability that is now being exploited.

"The time between vulnerabilities being disclosed and exploits being created is decreasing, companies must have an efficient patch management process if they are to protect critical networks," said Graeme Pinkney, operations manager for Symantec. "Time is no longer on their side."

Those most likely to be affected are home users and small firms that tend not to be as diligent about computer security as large companies.

Security firms said that the worm is unlikely to spread as far the recent Slammer worm but said it could rival 2001's Code Red worm which managed to infect 200,000 machines.

Symantec said that it was spreading about 20% of the speed of the Slammer worm when measured by the number of unique machines it was finding and infecting.

Hidden inside the worm are two messages. One taunts Microsoft chairman Bill Gates and reads: "billy gates why do you make this possible? Stop making money and fix your software!" The other is more cryptic and says: "I just want to say LOVE YOU SAN!"

Growing fears over net threat
31 Jul 03  |  Technology
New e-mail virus spreading
31 Dec 02  |  Technology
Aggressive net bug makes history
03 Feb 03  |  Technology
Net recovers from cyber attack
27 Jan 03  |  Technology
Turning against the web worms
04 Oct 01  |  Science/Nature
Code Red threat tailing off
02 Aug 01  |  Science/Nature
Code Red 'was never a threat'
02 Aug 01  |  Science/Nature
Net security threats turn devious
08 Aug 02  |  Technology

The BBC is not responsible for the content of external internet sites


News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific