Top companies blasted by worm virus


A Sainsbury’s spokeswoman confirmed that an unnamed virus, believed to be Blaster, infected the company’s IT network on Monday night. Non-essential systems were shut down and the infection was cleared up by Tuesday afternoon. The company claims that no customers were affected.

Meanwhile Canon lost its email systems and internal network for a short time. Blaster generates large amounts of network traffic as it spams IP addresses with copies of itself.

According to data collected by Network Associates, at least 1.2 million unique source IP addresses have been infected since Blaster was released last week.

The Blaster worm, also known as Lovesan, MSBlaster or Poza, attacks via a flaw in Microsoft operating systems for which a patch has been available since 16 July.

The worm spreads automatically by sending itself via TCP port 135 to random IP addresses, generating large amounts of network traffic.

Once it finds and infects a system, it copies itself onto the registry and sets up a shell using TCP port 4444, which downloads a program, msblast.exe, before sending itself out again.
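The traffic pattern described above (one host contacting many addresses on TCP port 135, then TCP port 4444) can be picked out of flow logs. The following is an added example, not part of the original article: the log format, sample records and fan-out threshold are constructed assumptions, as is the reading that the infecting host is the one that connects to port 4444.

```python
from collections import defaultdict

# Constructed flow records "src_ip dst_ip dst_port" (TCP only); not real data.
SAMPLE_FLOWS = """\
10.0.0.5 172.16.1.1 135
10.0.0.5 172.16.1.2 135
10.0.0.5 172.16.1.3 135
10.0.0.5 172.16.1.4 135
10.0.0.5 172.16.1.3 4444
10.0.0.9 10.0.0.2 135
10.0.0.7 192.0.2.10 80
"""

RPC_PORT = 135        # port the article says the worm spreads over
SHELL_PORT = 4444     # port the article says the worm's shell uses
FANOUT_THRESHOLD = 4  # assumed: distinct port-135 targets before flagging


def parse_flows(text):
    """Yield (src, dst, port) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        yield parts[0], parts[1], int(parts[2])


def find_suspects(text, threshold=FANOUT_THRESHOLD):
    """Return {src: [reasons]} for hosts matching the described pattern."""
    rpc_targets = defaultdict(set)
    shell_targets = defaultdict(set)
    for src, dst, port in parse_flows(text):
        if port == RPC_PORT:
            rpc_targets[src].add(dst)
        elif port == SHELL_PORT:
            shell_targets[src].add(dst)
    suspects = {}
    for src, targets in rpc_targets.items():
        reasons = []
        if len(targets) >= threshold:
            reasons.append(f"tcp/135 fan-out to {len(targets)} hosts")
        # Port 4444 traffic to a host this source also contacted on port 135.
        followups = shell_targets[src] & targets
        if followups:
            reasons.append(f"tcp/4444 follow-up to {sorted(followups)}")
        if reasons:
            suspects[src] = reasons
    return suspects
```

A single port-135 connection, as from 10.0.0.9 in the sample, is ordinary Windows RPC traffic and is not flagged; only fan-out or the 135-then-4444 pairing is.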
