Black Screen

The blaster worm was first detected on the August 11, 2003. The worm is also commonly known as “Lovesan” worm. It started infecting computers with Microsoft operating system like Windows XP (32 bit) and Windows 2000. The worm started spreading fast and reached the maximum number of infections on the August 13, 2003. The B variant of the blaster worm was created by was created by an 18 year old from Hopkins, Minnesota. He was arrested on August 29, 2003. Parson pledges guilty and was sent to the court in January 2005 for a period of 18 months.

The Blaster worm was specially programmed to initiate a SYN (synchronized) flood on August 15, 2003. This flood was against port 80 of www.windowsupdate.com. In other words if the system date is between August 15, 2003 and December 31, 2003 then the blaster worm would cause the exposed system to start a denial of service attacks against www.windowsupdate.com. This launched a DDoS (Distributed Denial of Service) attack against the site. The worm would then spread into the operating system by exploiting a buffer overflow in the DCOM RPC (Distributed Component Object Model – Remote Procedure Call). A patch for the same was release in MS03-026 and MS03-39 a month prior. The reason the blaster worm was called “Lovesan” worm is because of one of the two messages it had in the strings. The other message was to Bill Gates, owner of Microsoft who also was the main target of the worm. The two messages were:

• I just want to say LOVE YOU SAN!!
• Billy gates why do you make this possible ? Stop making money and fix your software!!

The blaster worm was controlled to an extent by the filtering of the ISPs (Internet Service Provider) and its widespread publicity. The worm did not affect Microsoft a lot as the blaster worm was not targeted at www.windowsupdate.microsoft.com to which the www.windowsupdate.com was redirected. Microsoft decided the site www.windowsupdate.com should be temporarily shut down. This reduced the effect of the worm on Microsoft. The blaster worm can only spread on the computers with Windows 2000, Windows XP (32 bit) and Windows Vista. The worm can also cause certain instabilities in the Windows NT, Windows XP (64 bit) and even the Windows Server 2003. The blaster worm on its detection of an Internet connection caused these instabilities. The worm would detect the connection regardless of it being a broadband or dial-up connection. It would then display a message stating, “Windows must now restart because the Remote Procedure Call (RPC) Service terminated unexpectedly”. Then windows would restart automatically mostly after 60 seconds.

The threat level of the blaster worm is low. It could infect anything between 0 to 49 files from a maximum of two sites. The damage levels and distribution level of the worm is low. The various precautions that can be taken are:

• Do not open attachments received via e-mail unless they are expected.
• Remove or turn-off services that are not required.
• Block, disable the affected services that are infected until a patch is applied.
• Update patches regularly.
• Use passwords.

Get a Free Diagnostic Scan with RegCure PC Optimizer
Takes 4 Mins


Click Here