First Clones of MSBlaster Worm Detected

The first variants of the MSBlaster worm has hit the Internet.

Both Sophos, Inc. and Central Command, Inc., anti-virus and security companies, report today

that MSBlaster, also known as Lovsan, has been cloned into two very similar variants with

minor alterations made to apparently try to escape detection.

”The original author of Worm/Lovsan was successful at infecting hundred’s of thousands of

computers worldwide,” says Steve Sundermeier, vice president of products and services at

Central Command. ”Unfortunately, history has proven that this type of success usually

generates a litter of copycat creations.”

What Sophos is calling MSBlaster-B is a functional equivalent to the original worm, except

for a different file name and registry entry, report Sophos analysts. The internal message

also has been changed. In the original worm, it read: ‘billy gates why do you make this

possible? Stop making money and fix your software!’ The wording in one variant has been

changed to a more graphic message, this time aimed at Microsoft and anti-virus vendors.

Security experts have been warning IT managers that Monday’s detection of the original

Blaster worm was just the beginning.

”I’m afraid this is just the beginning,” says Dan Ingevaldson, an engineering manager with

Altanta-based Internet Security Systems, Inc. ”We’re going to be dealing with this worm, or

variations of this worm, for some time… I’m worried about the fact that there are still so

many vulnerable machines out there.”

MSBlaster, the original and the new variants, exploit a flaw with the Remote Procedure Call

(RPC) process, which controls activities such as file sharing. The flaw enables the attacker

to gain full access to the system. The vulnerability itself, which affects Windows NT,

Windows 2000 and Windows XP machines, affects both servers and desktops, expanding the reach

of any exploit that takes advantage of it.

Where the vulnerability affects servers and desktops in such popular operating systems,

there are potentially millions of vulnerable computers out there right now. The security

industry sent out a widespread warning about two weeks ago, spurring many companies to

install the necessary patch, which was available from Microsoft almost a month ago.

Security analysts worry that there are still millions of unpatched machines vulnerable to

the new worm.

Dan Ingevaldson, an engineering manager with Altanta-based Internet Security Systems, Inc.,

says they did some testing within the last few days and found that about 70 percent of

systems were still unpatched.

RELATED NEWS AND ANALYSIS

• Ethics and Artificial Intelligence: Driving Greater Equality

  FEATURE |  By James Maguire,
  December 16, 2020

• AI vs. Machine Learning vs. Deep Learning

  FEATURE |  By Cynthia Harvey,
  December 11, 2020

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2021

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020