Microsoft Defangs Blaster, Delays Service Pack

Microsoft foiled a well-publicized denial-of-service attack on its Windows Update site over the weekend, but the company still faces questions about its handling of the flaw that allowed the Blaster worm to infect thousands of computers worldwide.

The software giant said it thwarted the attack, planned for Saturday, by disabling the Web address that the worm was set to bombard with traffic.

“Blaster is dead,” Keynote Systems vice president Lloyd Taylor told the E-Commerce Times. “Microsoft defanged it.”

Easy Resolution

It was easy for Microsoft to defuse the attack because the worm was written to attack a URL that is not the main site for Windows updates, but rather a site that collects and redirects traffic to a Microsoft.com site.

Still, Taylor said that despite the worm’s defeat, users — particularly home users — still should take a lesson from it. “People have to become better at getting their updates and applying patches,” he noted. “Once every couple of weeks should be the minimum.”

In addition, critics of Microsoft are continuing to blame the software maker for the flaw, posting to online message boards to air their displeasure. Microsoft said it fielded thousands of inquiries over the weekend about the impact of Blaster, which is also known as Lovsan.

Packing It Up

Microsoft might have added fuel to the controversy by delaying for nearly a year a Windows XP service pack that will include patches for the Blaster flaw, among other security upgrades. The company now says the service pack will become available in the latter half of 2004.

Jupiter Research analyst Joe Wilcox said the now-lengthy period between rollouts “isn’t necessarily best for many businesses,” which are already lax about installing service packs and almost never opt to apply patches as they are made available.

“There are lots of Microsoft patches, so it’s a real convenience to have a service pack that consolidates them all,” Wilcox said. “If this turns into a trend, businesses will have to take more aggressive responsibility to use the tools and information Microsoft provides to ease patch management woes.”

Gone, Not Forgotten

The Blaster worm and its variants, including a spinoff trojan that masquerades as a fix for the RPC flaw that enabled Blaster to spread, remain a threat, according to major antivirus companies. Symantec continues to rate Blaster’s risk as four out of a possible five, while McAfee rates it a “medium risk” threat.

According to HackerWatch.org, the rate of infection from the worm peaked last Monday at some 68,000 infections per hour, a rate that fell to about 30,000 by the end of the week.

Security firms seem poised to gain from the Blaster attack, which is one of the first worms to intentionally target home users. McAfee’s home page urges use of firewalls. Last week, Sun Microsystems ramped up its release of a Linux-based alternative to Windows and Office, immediately opening registration for Project Mad Hatter in an attempt to profit from Microsoft’s security woes.