Click here for information on combating the worm.
The worm's infection rate climbed throughout the day on Monday, but overnight the spread of the program dropped off, said Alfred Huger, senior director of engineering for security company Symantec. The reason for the slower spread is likely because of the poor programming of the worm, rather than a lack of vulnerable computers, he said.
"This is the best-case worm," Huger said. "This didn't turn out to be Slammer, which is good for us, but there is still all the variants" that are likely to crop up.
On Tuesday, new hosts were being claimed by the worm about 40 percent slower than as of the same time Monday, Huger said.
Meanwhile, Microsoft confirmed it is working with law enforcement to find the person or group who released the worm.
"We are working diligiently to make sure that we are going to handle the increase in traffic from the worm," said Stephen Toulouse, security programme manager for Microsoft's security response centre, adding the customers can also download patches from the Microsoft Download Centre.
The worm, which security experts believe started spreading early on Monday, scans for vulnerable computers so widely that an unpatched Windows XP computer on the Internet could be infected in as little as 25 minutes, according to Symantec studies.
Network performance measurement company Keynote Systems reported something of a drop in performance in two of the primary backbones that carry Internet traffic. But for the most part, Keynote found that the worm caused very little slowdown.
"Unlike the Slammer worm, which had significant negative effects on the Internet's infrastructure, the Blaster worm is not having a similar effect, as it is programmed to propagate much more slowly," Lloyd Taylor, Keynote's vice president of technology and operations, said in a statement.
The introduction of the MSBlast worm -- also known as W32.Blaster and W32/LuvSan -- ends nearly a month of speculation over when a programmer would commit the obvious crime of writing a worm to take advantage of a vulnerability in a widely used feature of Microsoft Windows.
The new worm pieces together code to exploit the most recent major flaw in Windows with publicly available tools, such as the Trivial File Transfer Protocol (TFTP) server.
The worm is programmed to cause infected computers to send a flood of data to Microsoft's Windows Update service, starting on Saturday morning. The denial-of-service attack could slow down, and even halt access to, the primary way Microsoft customers receive updates for their computers.
The Update service suffered a different kind of denial-of-service attack on Tuesday as people rushed to patch their PCs. The increased volume slowed, or prevented, access to the service. Multiple attempts to connect to the service from CNET's offices failed.
Microsoft representatives were not immediately available for comment.
MSBlast's first attack will last until the end of the year, security researchers said, adding that the coding of the worm will cause it to continue the attack in the latter half of each month for the first six months of 2004.
The worm still hasn't reached the levels of Code Red II, which infected more than 300,000 servers in 10 hours. However, the original Code Red spread very slowly until some online vandal modified the worm and fixed a critical flaw in how it spread. Symantec's Huger worries that someone might do the same with the MSBlast worm.
"This was written very poorly," Symantec's Huger said. "It's the children of Blaster that I fear now."
Talkback
oh my god i am so scared of this im shaking.
one of 4 have the worm in my house!
This is crazy!
can someone please catch the person who did this and punch him in the gut for me......
i have no way of expressing this, its just wrong!!!!!
i hoope everyone goes well in this epidemic.
i say save urselves!
to every one who are not taking precautions.
this thing is very easy to catch.
all i did was get on the net and read some news on this bug. then all of a sudden my comp cllosed. i followed the steps at www.windows.com/security
this is a place where they help.
save urselves man!!!!
Another way of combatting this would be to right click on your isp in the nework connections in control panel go to properties advanced and click on protect my computer. Go to settings and click on whatever you use. I clicked HTTP and the FTP access when you check each one a box will come up.. click ok on each one. click ok on the main an it should be ok... atleast that is what works for me.
I think it's wrong to say this worm was written poorly. Yes, it's speared slows quickly, but think about it:
Our worm-writer included messages to Microsoft and Bill Gates in his code, right? I don't believe he/she/the group actually ever intended to really hurt the MS-buying public. I really think that what they wanted to do was more like spread a little panic, and bring to Microsoft's and the public's attention that there's always holes and such in Microsoft's systems and browsers. This was basically meant to take a blow at Microsoft, that's what I think. Despite that the flow of infected computers has slowed, the programmer(s) seems to have accomplished EXACTLY what they wanted. - A.C. age 14
Little jerkoffs that produce viruses deseve to be locked up and the key thrown away.
They need to get a life.
Can someone please pressure MS into distributing through agents (at least) and on request quarterly update CDs? This will ease congestion at their website and spare the agony of dialup uers.
For anyone out there who is very concerned about this worm virus, don't be. For one, it can only infect computers with 2000, ME, NT, or XP. Other wise, its harmless. For those of you who already have it, it sucks just let me say that. I am a gamer for say and I build systems as a hobby, and of all the viruses that i have experience with, i think by preference i hat this one the most. Random power offs, and occasional denied internet access is really crappy, especially if you are in the middle of installing a new service pack.
The most disturbing thing is that somebody has nothing better to do with their time but create this crap to infect other computers, in order to 'get back' at a company. The message, "Billy Gates why did you make this possible? Quit making all that money and fix your software!" clearly adresses a hostilitiy towards microsoft. Another solution is someone got bored and decided to be a complete and total dick head and create a virus that would infect thousands.
The good news is it is easy to get rid of. Download the fix it file from anywhere, and then go and download the patch for whatever operating system you are running.
That will ensure that the virus cannot get BACK onto your computer.
An interesting note also is that this virus or WORM has the capability to replicate and infect without an email or download interface.
If your computer is hooked up to a network, and one of the computers in the network got the virus, then it is very possible that you will have it too. All it needs is for your computer to be on. In other words, its airborn, in a more kind of a biological way of speaking.
Good luck
It's unfortunate that there's snerts out there that have nothing better to do than to wreak havoc on the public. On the other hand, if MS didn't make such a piece of crap of a product, things like this wouldn't happen nearly as often. The ONLY reason I applied the msblast patch was to assist those people trying to get to the update site. As far as MS is concerned, I couldn't have cared less. I believe the poster named Mancy has a good idea with MS sending us CDs. But that's too idealistic. Bill Gates wants your $$! Because MS' OSes is pretty much the only game in town, they can dictate to hardware and software makers how/what/when. When will this monopoly end? When WE the consumer public will stop accepting the idea of "well, XP IS better than '98/'95" and DEMAND an OS as good as MAC X, Linux, etc. When I get off my lazy butt, I WILL migrate totally to Linux, open-source! MS can go straight to hell, imo!