Experts have been warning of a likely attack on Windows 2000 or Windows XP since Microsoft revealed the flaw in mid-July. At the beginning of August, the US Department of Homeland Security (DHS) issued an unprecedented second alert over the threat, stating:
"An attacker who successfully exploited this vulnerability would be able to run code with local system privileges on an affected system. The attacker would be able to take any action on the system, including installing programs, viewing changing or deleting data, or creating new accounts with full privileges."
The DHS has now updated the alert. It warns that the worm, known as MSBlast, LoveSan or Blaster, began infecting computers on Monday, and is spreading rapidly over the internet. It is possible that copycat worms will be released in the near future, says the alert.
According to security experts TruSecure, an infected machine will often show error messages or constantly try to reboot. Once infected the worm uses the computer to scan the internet for other vulnerable machines, but unlike other computer exploits this worm does not propagate by means of e-mail. A simple internet connection is enough.
The worm is programmed to launch a denial of service attack – where a web site is overloaded to the point of collapse – against Microsoft's Windows Update site - at windowsupdate.com – on 16th August. The code also contains a message to Bill Gates:
"I just want to say LOVE YOU SAN!! billy gates why do you make this possible? Stop making money and fix your software!!"
Corporate networks are expected to have the necessary patches and should be safe from any disruption, but experts warn that home users are likely to be hit hard. The security patch is available on the Microsoft web site, but users will have to be quick to get it – the worm is targeting the very site that provides users with the patch.
The advice is to http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp">download the patch as soon as possible.