Security Experts - Blaster Worm Completed Six Years of Existence on Web
According to security analysts, on August 11, 2009, the Blaster worm completed six years of its circulation on the web as it first appeared in 2003. It is the most successful worm that infected Windows computers.
The worm, also called Lovesan or Lovsan, disseminated on PCs active with Microsoft's Windows 2000 or Windows XP. It was observed for the first time on August 11, 2003 when it began spreading and reached the peak level on August 13, 2003.
Thereafter, on the 16th day, 18-year-old 'Lee Parson' from Hopkins, Minnesota (US) was detained because he designed 'Blaster-version B'. He was sent to prison for 18 months in January 2005.
One more Blaster variant creator 'Dan Dumitru Ciobanu', was also taken into police's custody in Romania as he designed a somewhat meek version of the malicious program.
Court documents revealed that the first version of Blaster was written following the activity of Xfocus a Chinese hackers' group, which had the actual Microsoft patch reverse engineered, which led to the attack's execution.
Subsequently, Blaster propagated via the exploit of a heap-based overflow that 'Last Stage of Delirium,' a Polish hacking collective discovered. The exploitation allowed the malicious program to proliferate even when users did not open attachments as it spread simply by spamming to numerous IP addresses. So far, four variants of the worm have been spotted online.
After Blaster established itself on target computers, it was configured to inundate windowsupdate.com on August 15, 2003. However, it could do little damage as there was enough time for Microsoft to respond.
The company was able to minimize the damage because the website attacked was windowsupdate.com rather than windowsupdate.microsoft.com to which the worm was diverted. Thus, Microsoft disconnected the targeted website from the Internet tentatively so that the worm could not act.
Security analysts said - Blaster would have never succeeded if basic firewall on Windows were available automatically. It was only with Windows XP Service Pack 2 that the change happened in August 2004.
From that time, the scenario of malware altered and although worms keep emerging, high-profile, boisterous mammoth worms like Blaster is ascribed to a bygone era, the analysts comment.
Related article: Securities Push Up A Must For Web Companies
» SPAMfighter News - 01-09-2009