Microsoft has the cure for the Blaster worm, but users face traffic snarls as they try to download.
Computer users were scrambling Wednesday for alternate fixes for the havoc
wreaked by the Blaster worm as many people were unable to reach Microsoft Corp.’s
main patch download site.
The Windows Update Web site, through which users can automatically download
security patches and other software fixes, was extremely sluggish most of Tuesday
afternoon and Wednesday morning, and some users reported being unable to reach
the site at all. Officials at Microsoft said they’ve seen an increase
in traffic as customers swarm the site looking for the patch to prevent Blaster
“We’ve definitely seen an uptick in traffic, but there have been
no outages on the site,” said Stephen Toulouse, security program manager
at the Microsoft Security Response Center in Redmond, Wash.
The Blaster worm, also known as LoveSan, began infecting Windows NT, 2000 and
Monday afternoon and has been spreading rapidly ever since. The
worm exploits a vulnerability in the Windows RPC (Remote Procedure Call) service
and sucks up a lot of bandwidth scanning for other vulnerable machines once
it has infected a PC.
Microsoft made a patch available for the flaw in mid-July when the vulnerability
was first disclosed, and those people who waited until now to apply it are running
into serious problems. Between the slow response on the WU site and the fact
that infected XP machines fall into a continuous reboot cycle once the RPC service
fails, many users have been unable to download the fix. Users can also download
the patch from the Download
at Microsoft’s main Web site.
There are some other alternatives for cleaning up Blaster, though. On XP machines,
users can enable the Internet Connection Firewall, which blocks the worm’s
activity, and then try to download the patch. Users running other operating
systems can install other personal firewalls or follow a set of steps
to disable the DCOM (Distributed Component Object Model) service in Windows to prevent infection by Blaster, and then install the patch, according to officials at the CERT Coordination Center.
However, on machines running Windows 2000 Service Pack 1 or 2, this method does not completely disable DCOM, security experts said.
In addition to causing major head-aches for users and IT staffs, Blaster is also being blamed for some service problems on Comcast Corp.’s cable modem network. Several Comcast customers said their service had been down for extended periods during the last couple of days and that Comcast officials said Blaster was to blame.