Fast-spreading worm exploits MS hole

By Tracy Burrows, ITWeb contributor.
Johannesburg, 12 Aug 2003

Security experts have warned that a fast-spreading new Internet worm is taking advantage of a recently discovered security hole in the Microsoft Windows operating system.

The worm, dubbed LoveSan, Blaster or MSBlaster, emerged in the US yesterday, crashing systems and spreading to tens of thousands of vulnerable computers, security experts said.

The worm exploits a vulnerability in the Distributed Component Object service, which is hosted by the Remote Procedure Call feature in Windows 2000 and Windows XP. That feature lets computers share files, among other activities.

Once it gets onto a vulnerable computer, the program downloads code from a previously infected machine that enables it to propagate itself. It then scans the Internet for other vulnerable machines and attacks them, says Johannes Ullrich, chief technology officer at the Internet Storm Centre at the SANS Institute. Worm/Lovsan.A will download and run the file msblast.exe using the Trivial File Transfer Protocol.

In some cases, the worm crashes the victim machine, but does not infect it, he says.

The worm contains code that includes a phrase: "Billy Gates why do you make this possible? Stop making money and fix your software!!," according to SANS.

Anti-virus provider Network Associates rated it a medium risk for consumers and corporate computer users, while rival Symantec has upgraded it to a level four risk.

Symantec says it has determined that the worm also contains code to launch a denial of service attack against windowsupdate.com after 15 August through to the end of the year, every year.

Symantec says over 57 000 systems have been infected to date and that W32.Blaster.Worm is propagating at a rate of roughly 20% that of the Slammer worm, in terms of instances of infection per hour passing through its clients' security devices.

Symantec Security Response urged users to patch systems immediately. The patch is available here.

More information on this worm and how to delete and scan for infected files can be found on the Symantec Security Response Web site.

Last month, Microsoft warned of the vulnerability, which experts said was one of the worst to hit a software program in several years because of the number of Windows systems affected.

The US government issued a warning about the security flaw, and then released another advisory warning after thousands of machines began scanning the Internet looking for vulnerable computers. After that, experts said it was only a matter of time before a worm would appear.

In January, a worm dubbed "Slammer" that exploited a hole in Microsoft SQL database software brought automatic teller machines in the US to a standstill, paralysed corporate networks worldwide and nearly shut down Web access to South Korea.