BBC News
Last Updated: Wednesday, 13 August, 2003, 11:18 GMT 12:18 UK
Home users suffer web worm woe
Sign on doors on Maryland Motor Vehicle Administration, AP
MSBlast hit some organisations hard
The latest computer virus to spread via the web seems to be hitting home users the hardest.

Since the MSBlast worm appeared yesterday the malicious program has infected more than 188,000 machines and swamped net connections with traffic as it looks for fresh hosts.

Many people struggled to download patches to protect themselves as the virus made it hard for them to connect to the net.

At its height the virus was taking only 30 seconds to find uninfected computers.

Scanning spreads

Unlike many recent viruses the worm travels around by itself and tries to infect any vulnerable Windows computer connected to the net.

It takes over a machine by exploiting a bug in the way that many versions of Microsoft Windows handle the transfer of files across the net.

Once a machine is compromised, it starts searching for other machines to infect, usually on the small section of the net that the host PC is using.

AFFECTED SYSTEMS
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0 Terminal Services Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003

The vulnerability that MSBlast, also called Lovsan, exploits has been known about for almost a month and many firms have been preparing their defences against a virus written to exploit it.

As a result many organisations had patched computers before the worm struck, to limit the damage it could do.

But home users and small businesses tend not to be as diligent as larger companies at keeping computer security up-to-date and many home PCs have been taken over by MSBlast.

As an experiment security firm F-Secure put an unprotected PC on the net to see how quickly it would be infected.

Early on Tuesday it took about five minutes 30 seconds before the machine was found and infected. But by 3pm the same PC was being found and infected in 27 seconds.

According to statistics from Symantec the US and UK have the highest number of infected PCs.

HOW TO AVOID MSBLAST
Keep anti-virus software up to date
Use a firewall on broadband connections
Apply patches to close vulnerabilities
Apply cleaning programs to infected machines

Anti-virus firm Sophos said many home users may not realise that they are infected with the virus, which makes machines slow down and re-boot periodically.

The company said users may just believe this is an everyday glitch and take no action.

Large organisations are being caught out by the virus too. In Maryland in the US, the state's Motor Vehicle Administration, which issues driving licences and car registrations, was closed as its computer systems were knocked out by the worm.

Also hit was the Federal Reserve Bank of Atlanta, government offices in Hong Kong, Swedish net provider TeliaSonera and German car maker BMW.

MSBlast has not done as much damage as the Slammer worm that struck in January which shut down some cash machine networks and caused widespread net disruption.

But so many machines infected by MSBlast were scanning for new victims that some of the internet's backbone networks were starting to feel the effects.

Keynote Systems, which monitors net traffic times, said the average travel time for data passing between net firms on America's West and East coasts is usually 85 milliseconds.

As MSBlast began to hit its stride this average travel time grew to between three and nine seconds.

The worm can be cleared by downloading a patch to close the vulnerability it exploits and by running removal programs created by anti-virus firms. Unlike some other worms MSBlast cannot be cleared by simply rebooting a machine.
