MS braces for more attacks
Far from perfect software themselves, Microsoft can at least breathe a sigh of relief as the author of the “blaster” worm also made mistakes in writing his virus.
It is those errors that are allowing Microsoft to fend off the second wave of attacks on its internet website.
On Friday, computer experts said, the worm was entering its second phase, aiming to bring down Microsoft’s Web site for software patches by flooding it with traffic. But by later that evening, the Redmond, Washington-based company had not noticed any abnormal network activity.
The flaw detected in the virus is when the worm instructs computers to access: <http://windowsupdate.com>, which is an incorrect address for reaching the actual Microsoft website that hosts the software patch.
Microsoft had been redirecting those who visited that incorrect address to the real site:
But the company disabled the automatic redirection on Thursday in preparation for the barrage of infected computers.
The virus-like infection, also dubbed “LovSan” or “MSBlast,” exploits a flaw in most current versions of Microsoft’s Windows operating system for personal computers, laptops and server computers. Although Microsoft posted a software patch to fix the flaw on 16 July, many users failed to download the patch, leaving them vulnerable.
According to security firm Symantec, the worm has infected more than 350,000 computers around the world since Monday.
Security experts predict a slow-down in internet traffic due to the volume of traffic the worm is expected to generate from infected computers.
The Department of Homeland Security said it had not noticed any activity from the worm yet, but urged home users and small and mid-sized businesses to download the patch.