Worm attacks Microsoft web site

Middle East IT users are being warned of the dangers of the latest worm, which works by exploiting a vulnerability in various forms of the Windows operating system. The Blaster worm scans the internet for computers that are vulnerable to attack. However, its purpose is to use these machines to attack Microsoft’s own web site.

  • E-Mail
By  Peter Branton Published  August 13, 2003

Middle East IT users are being warned of the dangers of the latest worm, which works by exploiting a vulnerability in various forms of the Windows operating system. The Blaster worm scans the internet for computers that are vulnerable to attack. However, its purpose is to use these machines to attack Microsoft’s own web site.

The Blaster worm, or W32.Blaster is being ranked by security firm Symantec as a level four threat, and it has spread around the world, infecting more than 120,000 systems in the past 48 hours.

The worm scans the internet and when it finds a vulnerable system, it tries to enter the system through port 135 to create a buffer overflow. Once installed in a machine, Blaster scans random IP ranges, seeking more PCs to infect. It also creates a file in the system called msblast.exe, which contains the worm's code. It creates a registry key to ensure it is started whenever the operating system is restarted. The aim is to launch a Denial of Service Attack against the web site windowsupdate.com. The worm is coded to launch that attack on August 15 2003.

“Microsoft is working with customers to guard against the Blaster system worm which targets a well-known Windows vulnerability disclosed by Microsoft on July 16,” said Yousef Khalili, regional comms manager for Microsoft ME. “We continue to urge customers to download the patch available.”

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code