Sophos has warned computer users of a new worm spreading across the internet, which exploits a critical vulnerability in versions of Microsoft Windows.
The W32/Blaster-A worm (also known as Lovsan, MSBlaster or Poza) contains a mocking message for Microsoft's chairman Bill Gates, and attempts to launch a denial of service attack on a website run by Microsoft for the purpose of distributing important security patches.
"Blaster attempts to knock Microsoft's windowsupdate.com website off the internet," explained Graham Cluley, senior technology consultant for Sophos. "By attempting a denial of service attack on the windowsupdate.com website, the virus author is deliberately trying to make it difficult for computer users to download the patch they need to secure their copies of Windows against the worm. It's an extremely devious trick by Blaster's author."
The worm contains a message for Microsoft's Bill Gates, which does not get displayed:
I just want to say LOVE YOU SAN!! billy gates why do you make this possible ? Stop making money and fix your software!!
The Blaster worm does not spread via email, but does distribute itself via the internet looking for vulnerable computers that have not been patched against a security hole first reported by Microsoft in mid-July 2003.
"System administrators should note that Blaster doesn't spread by email - so internet email scanning services will not be able to detect this worm, and an absence of reports at your email gateway does not mean you can rest on your laurels," said Graham Cluley. "Companies should deploy the patch from Microsoft, ensure their firewall is set up correctly and update the anti-virus on their desktop and servers."
Sophos advises users of Apple Macintosh and Unix computers that they are not affected by the Microsoft security vulnerability, and are not at risk from the worm.
Further advice: How to remove the Blaster worm.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.