Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Blasters Near Miss and an Apology From Microsoft

    Written by

    Larry Seltzer
    Published August 15, 2003
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      When it rains it pours. Just as IT managers and other security response personnel seemed to turn the corner on the Blaster worm (a k a LoveSAN), the issue became moot for many of us here in the Northeast as our computers shut down for lack of power. Many are still juiceless days later. But like the blackout, Blaster was a bad situation that could have been a whole lot worse and on Monday morning we can take a long look at both and breath a sign of relief.

      The point where Blaster lost was Friday when Microsoft pre-empted the worms scheduled denial of service attack on the Windows Update site. As with several other details in its design, the hacker didnt write the worm as well as it could have been, which either slowed its progress or blunted its impact.

      For example, the planned DOS attack was to be on the address windowsupdate.com. However, windowsupdate.com was never the main name used for the site but is just a redirector point to the real address: windowsupdate.microsoft.com. All Microsoft had to do was to remove windowsupdate.com from DNS and it pre-empted the worms attack.

      Now theres always the chance that the next worm will try to launch a DOS attack on the right address, but that was always a possibility. Besides, the next worm wont likely have as great a penetration because so many more users have by now–hopefully–applied the patch.

      Meanwhile, the worm is still alive, although not as hot as it used to be. Even the .B and .C variants of the worm dont seem to be causing much of a stink. However, you should be on the lookout for a new Trojan horse e-mail that purports to contain a patch to block the worm.

      Speaking of Microsoft patches, as I described in a recent column, during the run-up to the Blaster worm attack, Microsoft went on a security notification blitz. It seems that at least one of the messages released was sent on contract by Digital Impact, a company with shady credentials among those of us dealing with spam.

      A Microsoft spokesperson responded to my complaint:

      In an effort to encourage customers to install the critical patch associated with Microsoft Security bulletin MS03-026, Microsoft contracted a third party to manage the logistics of distributing an e-mail advisory. The timing of the e-mail coincided with a hoax Microsoft e-mail in circulation. While we continue to believe that taking additional action to promote patch application was the correct decision, we understand that the tactic was poorly executed and we are reevaluating our policies regarding the use of third parties to disseminate security information.

      Now, Im not sure what the part about the “hoax” e-mail means, but overall it sounds contrite to me, and a good thing. In another step towards clarity, the Web site at email.microsoft.com no longer reads like a marketing-gobbledygook promo for Digital Impact. Instead, it offers a prominent link to a simple opt-out form.

      Security Supersite Editor Larry Seltzer has worked in and written about the computer industry since 1983.

      More from Larry Seltzer

      Larry Seltzer
      Larry Seltzer
      Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement— He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×