It has a cute name, however, in 2003, this worm launched many DDoS attacks against Microsoft servers.
When we are mentioned Gusano Blaster, the name of a video game may come to mind or, given the current situation regarding viruses, it seems like a new strain of something unknown. And, in reality, virus is, but not something that we do not know, since its name has become quite well known.
Well, today is fulfilled 19 years of that 2003, in which this computer worm carried out one of the worst attacks on Windows in history. And it is that, also known as MSBlast and Lovesan, this was detected for the first time on August 11 of that year.
Its target was clear, and in this case it was the Microsoft Windows XP and Windows 2000 operating systems. The worm attacked computers by taking advantage of a company security flaw and created Distributed Denial of Service (DDoS) attacks against the Microsoft website, forcing them to remove Windowsupdate.com.
It affected more than 100,000 Microsoft computers. The virus spread automatically to other machines by transmitting through email and other systems in an impressively fast and unstoppable way.
What is a computer worm and how does it work?
To contextualize, a computer worm is a type of malware that spreads copies of itself from one computer to another. This process requires no human interaction and does not need to be attached to a software program to cause damage.
These are usually transmitted through vulnerabilities, although also, as in this case we are talking about, they can arrive as attachments in spam emails or messages.
Once opened, these files may provide a link to a malicious website or automatically download the computer worm. Once installed, the worm silently goes to work and infects the machine without the user even noticing.
As for the damage that can be caused, we find the deletion of files and even may carry additional malicious softwarel transferring it on the same computer.
Logically, apart from gradually eating up space on our computer’s hard drive, occupying it with its replicas, it can overload the network and leaving the door open for a hacker to gain control of the machine.
How the Blaster Worm Infected Systems in 2003
During the months of January to August, it launched a denial of service against the windowsupdate.com website. Then, for the rest of the months (September to December), the attack occurred on a daily basis.
the blaster worm caused the system to reboot every 60 seconds and, on some computers, it caused an empty splash screen.
As it has become known over time, it took advantage of the buffer overflow bug and it spread by sending spam to a large number of IP addresses. This downloaded the file “msblast.exe” in the Windows directory and executed it. If it managed to settle, you were lost and the spread was unstoppable.
Once it had infected a giant network, it would proceed with the attack quickly because firewalls did not prevent internal machines from using a specific port. So to speak, he seemed unstoppable.
The worm executable file contained a message referring to the co-founder of MicrosoftBill Gates: “Billy Gates, why are you making this possible? Stop making money and fix your software.” There was one more message “Just want to say Love you San” which gave an alternative name to Lovesan.
This used the affected computers as a means of propagation to spread the virus to other machines. Many security specialists called that year one of the worst in history for viral threats, posing a huge risk to the security of Internet users.
The flaw was later exposed by the Last Stage of Delirium (LSD) security group. Later it was possible to know for sure that the affected operating systems were Windows XP, Windows NT 4.0 and Windows 2000.. Once the vulnerability was exposed, thanks to that team, Microsoft published two different patches (MS03-026 and MS03-039) on its website, which solved the situation.
Its creator, Jeffrey Parson, 18, he was arrested and finally sentenced to 18 months in prison.
George is Digismak’s reported cum editor with 13 years of experience in Journalism