Sophos's technical support department is seeing an hour-on-hour
increase in the number of calls from users concerned about the
prolific Blaster
worm, first seen late in the day (UK time) on 11 August. Unlike
the more common email-aware worms, which often burst on the scene
and rapidly die away, Blaster, which creeps round the internet
looking for critical holes in Microsoft Windows, appears to be
gaining momentum.
Sophos technicians have also warned users that it is possible to
become infected by the Blaster worm without there being any obvious
symptoms. Infected PCs are experiencing slower performance and
those running Microsoft Windows XP are prone to re-booting over and
over again. Sophos is concerned that many users - particularly home
users - may just consider this an everyday glitch, not realise they
are infected and take no action.
"Blaster has claimed its place as the most widespread virus in
the world right now," said Graham Cluley, senior technology
consultant at Sophos. "Despite well publicised advice regarding
this Windows vulnerability from both Microsoft and the US
Department of Homeland Security it seems that not everyone applied
the patch in time."
"Blaster is as stealthy and silent as a shadow - it doesn't rely
on emails to spread, so it's less likely to evoke user suspicion.
It also knows no language barriers so it is truly a global worm,"
continued Cluley. "The danger is that there are numerous PCs out
there which are infected without people realising. Sophos has
received stacks of reports of this worm, but these could be just
the tip of the iceberg."
The Blaster worm will automatically instruct infected PCs to
launch a distributed denial of service attack on Microsoft Windows
update website (www.windowsupdate.com) at 12 midnight local time on
Friday 15/Saturday 16 August. Microsoft uses the website to deliver
important security patches, such as the one exploited by the worm,
to home users. If the attack is successful, Windows home users may
be unable to access the website for critical security
protection.
"It's only when Microsoft's update website comes under attack
that we'll have any idea of just how widespread Blaster really is.
It's likely that the first wave of attacks will take place as the
clocks turn midnight in AsiaPac, that's early afternoon on Friday
in the UK. These attacks could potentially snowball during the day
as the rest of the world wakes up," said Cluley.
Further reading:
Instructions on how to
protect against and remove infections of the Blaster worm.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.