What do I need to do to protect my computer from the Blaster worm?
This question was answered on August 13, 2003. Much of the information contained herein may have changed since posting.
Unless you have been vacationing on a remote island or just got back from orbiting the Earth, you probably have heard about the Blaster or LovSan worm by now.
It is one of the most widespread outbreaks in recent history, estimated to have hit over 120,000 computers in a 24-hour period.
Fortunately, it does not do permanent damage to the operating system or critical data, but it can render a computer useless because of the constant shutdowns that it can cause.
What is particularly troubling about this worm is that it does not use e-mail to spread; it simply scans the Internet looking for computers that have a known vulnerability
This vulnerability, which was discovered in June, allows for malicious code to basically ‘overpower’ systems running Windows NT, 2000, XP and Server 2003 so that they can be taken over (Windows 95, 98 & ME were not affected by this worm.)
Once the system has been compromised, the worm installs itself on the system then continues to look for more machines to infect.
The main difference between a ‘worm’ and a ‘virus’ is that a worm can spread from computer to computer by it self, generally without any user involvement A virus will typically try to infect files on a single computer, but needs a little help to spread to other computers (e-mail, floppy disks, etc.).
Microsoft announced a ‘patch’ for this problem on July 16th which is really all that is needed to avoid being a victim, but the announcement went largely unnoticed This and many other patches are always available free from Microsoft by going to WindowsUpdate.com.
The biggest concern I have about this newest delivery method is that it signals the beginning of a new wave of malicious code.
The first generation of the Code Red worm, which was launched several summers ago, was poorly written and did not do as much damage as it could have Code Red II, however, was a modified version of the original Code Red which fixed a flaw in how it was spread and managed to infect over 300,000 servers.
This same re-engineering of the code is already occurring with the Blaster/LovSan worm as variants of the original have already been discovered The original Blaster/LovSan worm was poorly written, but rest assured, a newer more potent and likely, more destructive version,
is on its way as online vandals play with the code.
If you did not get hit with this variant, don’t assume that you are safe Let it be a lesson to all of us to keep our operating systems updated.
Get in the habit of visiting WindowsUpdate.com at least once a month or subscribe to a newsletter from a trusted source that will alert you of new vulnerabilities and remind you to keep your system protected.
Our newsletter subscribers, for instance, were warned about this problem on July 19th with instructions on how to patch the problem If you would like our system to warn you in the future, you can subscribe to our free weekly newsletters at either ComputerProblems.com or at DataDoctors.com
About the author
Posted by Ken Colburn of Data Doctors on August 13, 2003