Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • Networking

    Two Years Later, Blaster Worm Still Squirming

    By
    Ryan Naraine
    -
    December 5, 2005
    Share
    Facebook
    Twitter
    Linkedin

      More than two years after Blaster turned the summer of 2003 into an IT administrators worst nightmare, the worm is still very much alive and there are fears within Microsoft that thousands of Windows machines will never be completely dewormed.

      According to statistics culled from Microsofts Windows malicious software removal tool, between 500 and 800 copies of Blaster are removed from Windows machines per day.

      “The continued prevalence of [Blaster] is likely due to infected computers which, for one reason or another, will never be updated or disinfected. These computers will serve as eternal carriers for the worm,” says Matthew Braverman, a program manager in Microsofts Anti-Malware Engineering Team, the unit at Redmond responsible for updating the free worm-zapping tool.

      In a case study on Blaster presented to the Virus Bulletin conference in October, Braverman said Blaster ranked in the top five of the most prevalent worms removed by the anti-malware utility, which ships on Patch Tuesday every month.

      Braverman said 79 percent of the removals were made from Windows XP Gold and 21 percent from Windows XP SP1.

      On Windows XP SP2, infections are almost nonexistent, Braverman said, pointing out that XP SP2 systems went through a major post-Blaster security overhaul that means those systems cannot be infected through Blasters main replication vector.

      /zimages/2/28571.gifRead more here about Sasser, the last big network worm attack.

      “In fact, it is surprising that the Windows XP SP2 removal number is greater than zero; this is likely due to malware that replicates through other mechanisms (for example, e-mail) and drops MSBlast on a computer,” Braverman said.

      The statistics also show a similar pattern for the Sasser worm that rocked corporate networks last year.

      Overall, of the 25 malware families listed in Bravermans case study, most were removed from Windows XP systems that had not been upgraded with SP1 or SP2.

      Jason Garms, architect and group program manager on the Anti-Malware Technology Team, believes the hundreds of daily Blaster removals are actually “reinfections” on machines that go back to an unpatched state.

      In an interview, Garms said Blaster reinfections occur when Windows users reinstall the operating system from original media or roll back an OS install to a state where the Blaster patch is removed.

      Even so, Garms said actual removals of Blaster were trending downward. When the case study was prepared, the tool was deleting 800 copies of the worm a day. Today, that number is closer to 500 a day and continuing to go down.

      The Sasser worm, too, was less prevalent over time, moving from 12th on the case study list to 18th in early December.

      /zimages/2/28571.gifRead more here about 10 years of Windows worms.

      The low rate of Blaster and Sasser detections on machines running Windows XP SP2 is a nod to Microsofts heavy investment on hardening the OS, Garms said.

      One of the key additions to SP2 was an improved firewall that is turned on by default.

      “We improved the functionality of the firewall and saw an immediate benefit to defend against malware that exploit network vulnerabilities.”

      Garms also preached the gospel of turning on automatic updates to suck down security patches on Windows systems.

      “The vast majority of SP2 users have turned it on, and we continue to encourage customers to turn on auto updates during the installation process.”

      Jose Nazario, a security engineer at Arbor Networks Inc., has also been tracking the prevalence of Blaster two years after the worm outbreak and says it is rather surprising that Microsoft is still removing hundreds of copies a day.

      “Blaster is no longer globally disruptive, so it has slipped our minds, but these numbers show that its still around. My feeling is that those are mainly infected home users, mostly on dial-up connections that never got around to patching and are finally getting the [worm removal] tool installed,” said Nazario, who also runs the Worm Blog.

      In an interview with Ziff Davis Internet News, Nazario said the Microsoft white paper presents a very “telling picture” of the chunk of users still running the gold version of Windows XP, which is full of serious security holes.

      “It tells us that theres a large chunk of the population that have not upgraded yet to SP1 or SP2 and theyre not downloading patches or even using auto-updates,” Nazario said.

      “Based on those numbers, Blaster isnt going to go away anytime soon,” he said, noting that his own research has shown that Blaster infections have successfully transitioned to new hosts.

      “We keep seeing the hosts change as the original systems are cleaned or shut off,” Nazario said.

      /zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Ryan Naraine

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×