Blaster Worm Is Something Really Dangerous

Added: 10/01/2006
Year 2003 was marked with a huge disaster in the world of computers. A worm exploiting the Remote Procedure Call (RPC) was attacking Windows machines all over the world, rapidly spreading across the whole World Wide Web. However, the harmful effects caused by Blaster worm were considered to be less serious than those caused by the previous versions of worms.

The Blaster worm (a worm also known as MSBlast, Poza and Lovsan), was programmed to start an attack of the windowsupdate.com on a certain date. Microsoft has issued a software to close the hole exploited by the worm, the so-called worm remover, but as their reaction was slow (as predicted, however), the worm has had enough time to spread itself over millions of computers all over the world. This Blaster worm had a very serious effect on many Windows users, causing severe misconduct of the operating system and harming the file system. Computers, running on different operating systems, like Unix, Linux or Mac, were not vulnerable to this worm, as it was specifically designed to exploit the Windows bugs only.

F-Secure has analyzed the code of the worm and has come with the results showing that the worm spreads in a 6167 byte executable under the name MSBLAST.EXE, attacking particularly Windows 2000 and Windows XP operated systems. Until the patch is installed, it is almost impossible for the user to remove the worm.

The worm initializes the command shell and connects through TFTP to other systems infected with the same virus to download the malicious executable. Blaster worm scans the Internet addresses to find other vulnerable machines with the help of TCP/TDP port 135. When the worm finds the machine vulnerable enough to attack, it copies itself and starts the harmful executable, changing the system in a way the worm should start every time the computer is started. This new infected chain immediately starts looking for other victims to infect, thus continuing spreading the worm over the Net.

If the worm cannot succeed with infecting the computer, it may attack it in different way, so that the system crashes and only an experienced system engineer would be able to fix it. In case Blaster worm does everything successfully, it leads to the latencies in the local network.

Blaster contains the following text strings:
I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ? Stop making money and fix your software!!

The security experts has predicted the arrival of the worm and issued several press-releases concerning the issue. They think that the worm would not be able to cause serious harm to the local network, as it only uses the external network ports trying to spread itself outside the local net. However, the worm is cheating some update software, when the last shows that the Blaster fixing patch has been installed, while this is not true.

One should be careful with all these worms wandering the net. The designers of this malicious software state they want to display the holes by the owners of the most popular software, Microsoft in particular. However, the methods are to be considered. Lots of computer users worldwide suffer from all these worms, viruses, trojans and other malware. There is no completely effective tool to fight that, but if you are careful and well-equipped with the latest anti virus software, you can avoid severe damage.

This artilce has been viewed: 5 times this month, and 21 times in total since published.
 

Random articles

Popular articles