Beat Blaster Now
By Steve Enders, Tech Live Web producer - Posted Aug 13, 2003
Computer crashing? Chances are you've got a virus -- the same one that's affecting hundreds of thousands of other PCs belonging to home users and businesses around the world.
If you have the worm, stop here. Follow the instructions in this free removal tool offered by Symantec. If you're still having trouble, read these tips. Finally, you need to run Windows Update. Just follow the instructions provided in our Ultimate Windows Update Guide.
Now that we've got the formalities out of the way, here's what's new.
The virus, called Blaster, Lovsan, and Poza, slammed the Internet late Monday and early Tuesday, infecting more than 220,000 PCs by some estimates. If your PC is running any number of Microsoft Windows versions, including Windows XP, you could be affected.
Tonight on "Tech Live," get up-to-the-minute details on Blaster, and see what our security expert, Becky Worley, has to say about the spreading worm and new threats appearing in its wake.
Attack of the clones?
Windows PC users have been flocking to the Microsoft Windows Update website, bringing to a crawl the very service that's supposed to help Windows users ward off viruses. Still, the site is working. Be patient if it appears to run slowly.
What's worse, the virus is programmed to launch a denial-of-service attack on the Windows Update site on August 16 -- and on the 16th of each month thereafter.
But the problem for PC users and Microsoft doesn't stop there, and despite the infection rate slowing, PC users aren't out of the woods yet.
Today, Internet security experts warned they're already seeing variants of the virus on the Internet, something they feared when Blaster first struck. The Blaster virus was crudely coded, giving other virus programmers the opportunity to tweak the code and make it more aggressive, and potentially more destructive.
"The original author of Worm/Lovsan was successful at infecting hundreds of thousands of computers worldwide," Steven Sudnermeier, vice president of products and services at security firm Central Command, said in a statement to media. "Unfortunately, history has proven that this type of success usually generates a litter of copycat creations."
Sundermeier continued, saying two variations have been spotted by the Central Command team, and they're "direct clones of the original with only minor alterations in order to bypass detection."
Threat to Microsoft
The worm exploits a hole found in Microsoft Windows in July. It can be patched by running Windows Update, or by installing a firewall.
Despite Microsoft's warnings of the hole, thousands of PC users failed to patch their systems, allowing the virus to spread rapidly early this week. Security experts are still afraid users won't patch their systems, allowing variants of the virus to spread, and also enabling the attack set for Saturday to take place.
Microsoft is being tight-lipped about what it's doing to secure its website. However, a Microsoft security spokesman did release a statement. "We're doing everything from the architecture and technology perspective to ensure that our customers on Saturday have the same experience on WindowsUpdate.com that they would have any other day," the statement said.
Virus clones' destructive history
Security experts such as Sundermeier are watching developments closely, since they've seen this type of virus spread before.
Variants of old viruses including Klez, Bugbear, and Code Red still appear in the top virus listings issued by security companies each month. These viruses became more destructive as they took on different characteristics after virus writers changed them to be more virulent. They're unlikely to spread much anymore, however, since security software and operating systems have been upgraded and updated to defend against such threats. But they're still in the wild, and they still have the potential to damage PCs.
That's what has many worried, as virus writers may be quick to piggyback on the success of Blaster's spread.
The way it's spreading doesn't help, either. Blaster doesn't show up in an email you can delete. Instead, it spreads by scanning the Internet looking for computers with open ports, or door-like gateways to the Internet. When it finds one, it installs itself. To stop the spread and protect against damaging more PCs, it's critical individual users create the first line of defense against these nasty worms.
If you have the worm, stop here. Follow the instructions in this free removal tool offered by Symantec. If you're still having trouble, read these tips. Finally, you need to run Windows Update. Just follow the instructions provided in our Ultimate Windows Update Guide.
Now that we've got the formalities out of the way, here's what's new.
The virus, called Blaster, Lovsan, and Poza, slammed the Internet late Monday and early Tuesday, infecting more than 220,000 PCs by some estimates. If your PC is running any number of Microsoft Windows versions, including Windows XP, you could be affected.
Tonight on "Tech Live," get up-to-the-minute details on Blaster, and see what our security expert, Becky Worley, has to say about the spreading worm and new threats appearing in its wake.
Attack of the clones?
Windows PC users have been flocking to the Microsoft Windows Update website, bringing to a crawl the very service that's supposed to help Windows users ward off viruses. Still, the site is working. Be patient if it appears to run slowly.
What's worse, the virus is programmed to launch a denial-of-service attack on the Windows Update site on August 16 -- and on the 16th of each month thereafter.
But the problem for PC users and Microsoft doesn't stop there, and despite the infection rate slowing, PC users aren't out of the woods yet.
Today, Internet security experts warned they're already seeing variants of the virus on the Internet, something they feared when Blaster first struck. The Blaster virus was crudely coded, giving other virus programmers the opportunity to tweak the code and make it more aggressive, and potentially more destructive.
"The original author of Worm/Lovsan was successful at infecting hundreds of thousands of computers worldwide," Steven Sudnermeier, vice president of products and services at security firm Central Command, said in a statement to media. "Unfortunately, history has proven that this type of success usually generates a litter of copycat creations."
Sundermeier continued, saying two variations have been spotted by the Central Command team, and they're "direct clones of the original with only minor alterations in order to bypass detection."
Threat to Microsoft
The worm exploits a hole found in Microsoft Windows in July. It can be patched by running Windows Update, or by installing a firewall.
Despite Microsoft's warnings of the hole, thousands of PC users failed to patch their systems, allowing the virus to spread rapidly early this week. Security experts are still afraid users won't patch their systems, allowing variants of the virus to spread, and also enabling the attack set for Saturday to take place.
Microsoft is being tight-lipped about what it's doing to secure its website. However, a Microsoft security spokesman did release a statement. "We're doing everything from the architecture and technology perspective to ensure that our customers on Saturday have the same experience on WindowsUpdate.com that they would have any other day," the statement said.
Virus clones' destructive history
Security experts such as Sundermeier are watching developments closely, since they've seen this type of virus spread before.
Variants of old viruses including Klez, Bugbear, and Code Red still appear in the top virus listings issued by security companies each month. These viruses became more destructive as they took on different characteristics after virus writers changed them to be more virulent. They're unlikely to spread much anymore, however, since security software and operating systems have been upgraded and updated to defend against such threats. But they're still in the wild, and they still have the potential to damage PCs.
That's what has many worried, as virus writers may be quick to piggyback on the success of Blaster's spread.
The way it's spreading doesn't help, either. Blaster doesn't show up in an email you can delete. Instead, it spreads by scanning the Internet looking for computers with open ports, or door-like gateways to the Internet. When it finds one, it installs itself. To stop the spread and protect against damaging more PCs, it's critical individual users create the first line of defense against these nasty worms.
Comments
Add a Comment