Link: Blaster/Lovsan worm spreading rapidly
The worm has been constructed to use infected PCs to launch the attack on the 16th of every month by flooding the site with requests. Blaster also contained a message from the writer warning Bill Gates to make his software more secure.
‘We’re preparing for attack,’ said Stuart Okin, chief security officer for Microsoft UK.
‘We’ve made plans for dealing with the worm’s payload but obviously can’t discuss exactly what’s planned. As it is, we’ve seen very heavy activity on windowsupdate.com in the last few days for obvious reasons, as people patch their systems.’
The US had the highest number of infections with the UK second according to Symantec. Infection rates seem to be falling but it is likely that the virus will continue to be relatively common in the wild for some time to come.
‘I think it is going to hang around,’ Mark Fisher, technical manager for Trend Micro
‘Home users who may not be patched can harbour a worm like this. Education is going to be key to getting home users to patch more frequently and help avoid future worms.’
There had been fears that the worm could spread much more rapidly. The US department of homeland security issued two warnings about the flaw in Microsoft operating systems that the worm uses.
The critical flaw is in Microsoft’s Distributed Component Object Model Remote Procedure Call (RPC) interface.
The vulnerability involves the RPC protocol, which deals with inter-computer communications. Microsoft warned that, under certain circumstances, the RPC might not properly check messages sent to the PC.