Feared Windows Worm Starts Attack

Exploiting what may be the most wide-spread Windows vulnerability ever, a new worm is on the

loose, setting up a distributed denial-of-service attack against Microsoft Corp. and

fulfilling security experts’ ominous predictions.

MSBlaster, as it’s been labeled by its author, hit the wild late on Monday and has been

spreading fairly quickly across the globe taking advantage of a vulnerability in Microsoft’s

Windows operating system. But unlike most worms, this one isn’t spreading via email. End

users don’t have to errantly click on a malicious attachment or be drawn in be a devious

subject line. MSBlaster, also known as Lovsan and Poza, is distributing itself machine to

machine through Port 135.

”Unlike most worms, people don’t even know they’ve got it,” says Chris Belthoff, a senior

security analyst with Sophos, Inc., a security and anti-virus company based in Lynnfield,

Mass. ”If your system isn’t patched, it’s unlikely you would even know you were infected…

There’s no email. No one has to click on anything. If systems were left unprotected, then

the potential for spreading is very high.”

The worm isn’t deleting information or wreaking havoc on the infected systems, say security

analysts. MSBlaster doesn’t even carry a destructive payload. Instead, it’s geared to

harvest as many vulnerable systems as possible and launch the DDoS attack on the

windowsupdate.com Web site starting this Friday. The worm even has a message to Microsoft in

its coding: ‘billy gates why do you make this possible? Stop making money and fix your

software!’

What analysts are concerned about is the number of vulnerable systems that the worm could

infect.

MSBlaster exploits a flaw with the Remote Procedure Call (RPC) process, which controls

activities such as file sharing. The flaw enables the attacker to gain full access to the

system. The vulnerability itself, which affects Windows NT, Windows 2000 and Windows XP

machines, affects both servers and desktops, expanding the reach of any exploit that takes

advantage of it.

Where the vulnerability affects servers and desktops in such popular operating systems,

there are potentially millions of vulnerable computers out there right now. The security

industry sent out a widespread warning about two weeks ago, spurring many companies to

install the necessary patch, which was available from Microsoft almost a month ago.

But security analysts worry that there are still millions of unpatched machines vulnerable

to the new worm.

Dan Ingevaldson, an engineering manager with Altanta-based Internet Security Systems, Inc.,

says they did some testing within the last few days and found that about 70 percent of

systems were still unpatched.

”Just say there are 20 million vulnerable computers,” says Ingevaldson. ”If you patch 20

percent of them, you’re still looking at 16 million vulnerable computers.”

Ingevaldson says they’re not exactly sure of the number of vulnerable computers but is

confident that it ranges in the millions. By contrast, SQL Slammer, which caused a lot of

problems around the world, infected only about 100,000 computers.

”We’re talking about a lot more than SQL,” says Ingevaldson. ”A lot of vulnerabilities

exist in Internet Explorer and Outlook, but this is a core piece of the operating system.

It’s one of the most widespread and serious of the vulnerabilities we’ve seen. I’m not sure

if it’s the most widespread, but it’s definitely one of the most.”

Regardless of exactly how many computers will be affected, MSBlaster is likely to create a

stir, if not serious problems, at Microsoft.

By aiming the DDoS attack at windowsupdate.com, the author of the worm is deliberately

trying to make it difficult for IT managers and individual users to download the patch they

need to secure their systems against the worm. ”It will focus all the net congestion on

that site,” says Steven Sundermeier, vice president of products and services at Central

Command Inc., an anti-virus company based in Medina, Ohio. ”If it spreads enough around the

world, it could shut down that site. And if that happens, it will render patching

impossible.”

A Microsoft spokesman could not be reached by deadline, but Ingevaldson says he’s heard

reports that Microsoft has been working on securing their Web site since Monday afternoon.

”I’m sure Microsoft is a seasoned veteran when it comes to defending against DDoS

attacks,” he adds. ”I have heard they’re not very worried about the coming attack on

Friday. Maybe they know something I don’t. They’re big and they’re very savvy about these

kind of things. They’ve got a lot of muscle and a lot of experience.”

RELATED NEWS AND ANALYSIS

• Ethics and Artificial Intelligence: Driving Greater Equality

  FEATURE |  By James Maguire,
  December 16, 2020

• AI vs. Machine Learning vs. Deep Learning

  FEATURE |  By Cynthia Harvey,
  December 11, 2020

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2021

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020