San Francisco, Aug 16: Microsoft Corp. has added network capacity and cut the link to a Web site that has been targeted for attack by Windows computers infected by the Blaster worm, the company said on Friday.
Two new versions of Blaster were known to be circulating, but both were rated low risk by security experts. An e-mail "spam" that purports to protect computers from Blaster was making the rounds on the Internet, too.

The worm, which has attacked hundreds of thousands of computers since Monday, causes them to crash and instructs some to launch an attack just after midnight, local times, on Saturday on a Microsoft Web site that provides the patch for the security hole Blaster exploits.

COMMERCIAL BREAK
SCROLL TO CONTINUE READING

Microsoft has added capacity to handle an increase in traffic, removed the previous link to the targeted Web page and is offering other ways for customers to get to the patch, said Steve Lipner, director of security engineering strategy at Microsoft.

"We've taken a number of steps which should be pretty effective" at stemming the attack, he said.

The worm, also called MSBlaster or LoveSan, takes advantage of a hole discovered last month in Microsoft's Windows 2000, Windows XP, Windows NT and Windows Server 2003 operating systems, although it only infects the first two of those.

At least two new versions were circulating, including one dubbed Randex, that installs a back-door Trojan application that provides an attacker remote access to the computer, according to anti-virus vendor Symantec Corp. The worms were rated low risk.

An e-mail spam also was circulating that purports to offer a patch for the worm, but which instead drops a Trojan program on the computer, said Microsoft, which never distributes software via e-mail.

"Microsoft has pulled Blaster's teeth," said Lloyd Taylor, vice president of Web performance monitoring firm Keynote Systems.

"It is already past midnight in Asia" and nothing much has happened, he said. "We do not expect to see any impact on the Internet infrastructure from the worm's" distributed denial of service (DDOS), as an attack using so-called "zombie" computers is called.

Not all infected computers will attack, only those that are restarted either automatically or manually, said Alan Paller, research director at the SANS Institute.

In addition, Microsoft will disperse Internet traffic coming to its Web site to diffuse the impact, and Internet service providers have deployed anti-DDOS systems that can drop large chunks of attack traffic, Paller said.

The number of infected machines ranges from 386,000, according to a Symantec sample of computers, to 1.2 million, according to estimates from anti-virus vendor Network Associates Inc. Bureau Report