Web Worm Attacks Windows, Spreads Fast, Experts Say
SAN FRANCISCO (Reuters) – An Internet worm that takes advantage of a recently discovered, widespread security hole in Microsoft Corp.’s Windows software emerged around the United States on Monday, crashing systems and spreading to vulnerable computers, security experts said.
The worm, dubbed LoveSan, Blaster, or MSBlaster, exploits a vulnerability in the Distributed Component Object service that is hosted by a Remote Procedure Call feature in Windows 2000 and Windows XP that lets computers share files, among other activities.
Once it gets onto a vulnerable computer, the program downloads code from a previously infected machine that enables it to propagate itself. Then, it scans the Internet for other vulnerable machines and attacks them, said Johannes Ullrich, chief technology officer at the Internet Storm Center at the SANS Institute.
In some cases, the worm crashes the victim machine, but does not infect it, he said.
It is spreading rapidly and has infected several thousand machines, Ullrich said.
The worm also appears to instruct the computer to launch a distributed denial of service (DDOS) attack on Aug. 16 against a Microsoft Web site, he added. In a DDOS attack, a Web site is temporarily paralyzed after receiving requests from numerous multiple computers.
“It’s dangerous from the perspective that it can consume a lot of bandwidth,” said Russ Cooper of TruSecure Corp. “Every compromised machine is constantly attacking.”
The worm contains code that includes a phrase: “Billy Gates why do you make this possible? Stop making money and fix your software!!,” according to SANS.
Anti-virus provider Network Associates rated it a medium risk for consumers and corporate computer users, while rival Symantec Corp. rated it a high risk for distribution and a low risk for damage.
Last month, Microsoft warned of the vulnerability, which experts said was one of the worst to hit a software program in a few years because of the number of Windows systems affected.
The U.S. government issued a warning about the security flaw, and then released another advisory warning after thousands of machines began scanning the Internet looking for vulnerable computers. After that, experts said it was only a matter of time before a worm would appear.
In January, a worm dubbed “Slammer” that exploited a hole in Microsoft SQL database software brought automatic teller machines in the United States to a standstill, paralyzed corporate networks worldwide and nearly shut down Web access to South Korea.