Archived from:
http://story.news.yahoo.com/news?tmpl=story&u=/nm/20030812/wr_nm/tech_windows_worm_dc_3
By Elinor Mills Abreu
SAN FRANCISCO (Reuters) - An Internet worm that takes advantage of a recently discovered, widespread security hole in Microsoft Corp.'s Windows software emerged around the United States on Monday, crashing systems and spreading to vulnerable computers, security experts said.
The worm, dubbed LoveSan, Blaster, or MSBlaster, exploits a vulnerability in the Distributed Component Object service that is hosted by a Remote Procedure Call feature in Windows 2000 and Windows XP that lets computers share files, among other activities.
Once it gets onto a vulnerable computer, the program downloads code from a previously
infected machine that enables it to propagate itself. Then, it scans the Internet
for other vulnerable machines and attacks them, said Johannes Ullrich, chief
technology officer at the Internet Storm Center at the SANS Institute.
In some cases, the worm crashes the victim machine, but does not infect it,
he said.
It is spreading rapidly and has infected several thousand machines, Ullrich
said.
The worm also appears to instruct the computer to launch a distributed denial
of service (DDOS) attack on Aug. 16 against a Microsoft Web site, he added.
In a DDOS attack, a Web site is temporarily paralyzed after receiving requests
from numerous computers.
"It's dangerous from the perspective that it can consume a lot of bandwidth,"
said Russ Cooper of TruSecure Corp. "Every compromised machine is constantly
attacking."
The worm contains code that includes a phrase: "Billy Gates why do you
make this possible? Stop making money and fix your software!!," according
to SANS.
Anti-virus provider Network Associates rated it a medium risk for consumers
and corporate computer users, while rival Symantec Corp. rated it a high risk
for distribution and a low risk for damage.
Last month, Microsoft warned of the vulnerability, which experts said was one
of the worst to hit a software program in a few years because of the number
of Windows systems affected.
The U.S. government issued a warning about the security flaw, and then released
another advisory warning after thousands of machines began scanning the Internet
looking for vulnerable computers. After that, experts said it was only a matter
of time before a worm would appear.
In January, a worm dubbed "Slammer" that exploited a hole in Microsoft
SQL database software brought automatic teller machines in the United States
to a standstill, paralyzed corporate networks worldwide and nearly shut down
Web access to South Korea.