Blasters Near Miss and an Apology From Microsoft

 
 
By Larry Seltzer  |  Posted 2003-08-15 Email Print this article Print
 
 
 
 
 
 
 

Blaster may or may not be the worm that almost ate the computing world, and there's still hot spots of variant activity. Along with an examination of Blaster's aftermath, Security Supersite Editor Larry Seltzer passes on Microsoft's apology for mishandlin



When it rains it pours. Just as IT managers and other security response personnel seemed to turn the corner on the Blaster worm (a k a LoveSAN), the issue became moot for many of us here in the Northeast as our computers shut down for lack of power. Many are still juiceless days later. But like the blackout, Blaster was a bad situation that could have been a whole lot worse and on Monday morning we can take a long look at both and breath a sign of relief. The point where Blaster lost was Friday when Microsoft pre-empted the worms scheduled denial of service attack on the Windows Update site. As with several other details in its design, the hacker didnt write the worm as well as it could have been, which either slowed its progress or blunted its impact. For example, the planned DOS attack was to be on the address windowsupdate.com. However, windowsupdate.com was never the main name used for the site but is just a redirector point to the real address: windowsupdate.microsoft.com. All Microsoft had to do was to remove windowsupdate.com from DNS and it pre-empted the worms attack.
Now theres always the chance that the next worm will try to launch a DOS attack on the right address, but that was always a possibility. Besides, the next worm wont likely have as great a penetration because so many more users have by now--hopefully--applied the patch.

Meanwhile, the worm is still alive, although not as hot as it used to be. Even the .B and .C variants of the worm dont seem to be causing much of a stink. However, you should be on the lookout for a new Trojan horse e-mail that purports to contain a patch to block the worm.

Speaking of Microsoft patches, as I described in a recent column, during the run-up to the Blaster worm attack, Microsoft went on a security notification blitz. It seems that at least one of the messages released was sent on contract by Digital Impact, a company with shady credentials among those of us dealing with spam. A Microsoft spokesperson responded to my complaint:
    In an effort to encourage customers to install the critical patch associated with Microsoft Security bulletin MS03-026, Microsoft contracted a third party to manage the logistics of distributing an e-mail advisory. The timing of the e-mail coincided with a hoax Microsoft e-mail in circulation. While we continue to believe that taking additional action to promote patch application was the correct decision, we understand that the tactic was poorly executed and we are reevaluating our policies regarding the use of third parties to disseminate security information.


Now, Im not sure what the part about the "hoax" e-mail means, but overall it sounds contrite to me, and a good thing. In another step towards clarity, the Web site at email.microsoft.com no longer reads like a marketing-gobbledygook promo for Digital Impact. Instead, it offers a prominent link to a simple opt-out form.

Security Supersite Editor Larry Seltzer has worked in and written about the computer industry since 1983.

More from Larry Seltzer
 
 
 
 
Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...

 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel