Dom

SEATTLE - The second wave of an Internet attack by the "blaster" worm barely caused a ripple Saturday.

Microsoft Corp. said it had no major problems from the worm's attempt to turn thousands of infected computers into instruments targeting the software company's Web site and network.

The Redmond-based company had not noticed any extraordinary network congestion, spokesman Sean Sundwall said. There were also no reports of customers having major problems accessing the targeted Web site, which houses a software patch that fixes the flaw exploited by the worm.

"So far we have seen no impact on our Web sites or any other Web sites due to the 'blaster' worm," Sundwall said.

Still, he urged people to take precautions to protect their computers.

The virus-like infection, also dubbed "LovSan" or "MSBlast," exploits a flaw in most current versions of Microsoft's Windows operating system for personal computers, laptops and server computers. Although Microsoft posted a software patch to fix the flaw July 16, many users failed to download it, leaving them vulnerable.

As of Saturday afternoon, the worm had infected more than 423,000 computers around the world since Monday, according to security firm Symantec Corp.

Of those, about 50,000 were affected on Saturday, said Mike Bradsaw, a Symantec spokesman.

The infection caused computers to reboot frequently or disrupted users' browsing on the Internet. But it also packed a second punch.

Computer experts said starting at 12:01 a.m. local time Saturday, infected computers that have not cleaned up the virus would in effect turn into a legion of zombies instructed to repeatedly call up a Microsoft Web site that houses the software patch. If enough traffic flooded the network, the site could be rendered unreachable and computer users would be unable to access the patch.

But the exploiters of the Microsoft flaw made a mistake themselves. The worm instructed computers to call up http://windowsupdate.com - which is an incorrect address for reaching the actual Microsoft Web site that houses the software patch. Although Microsoft has long redirected those who visited that incorrect address to the real site - http://windowsupdate.microsoft.com - the company disabled the automatic redirection Thursday in preparation for the onslaught of infected computers.

That has helped Microsoft's real Web site stay accessible to users, Sundwall said. The company was taking other measures to keep its site up and running, he said. He declined to give specifics.

Vincent Weafer, senior director of security response for Symantec, warned that Microsoft's network and others across the country could see a slowdown in Internet traffic simply from the volume of activity the worm is expected to generate from its legion of infected computers.

But that slowdown didn't happen, Weafer said Saturday.

The rate of new infections has slowed in recent days, he said, though computer users who still have not downloaded the patch need to do so. He said the company expects new infections to continue for as long as two years.

The worm left behind a love note on vulnerable computers: "I just want to say LOVE YOU SAN!" It also carried a hidden message to taunt Microsoft's chairman: "billy gates why do you make this possible? Stop making money and fix your software!"

______________________
Source: WashPost

DriveEuro

Total bummer!

__________________
[color=orange]ASUS P4P800 Deluxe [color=black]-[/color] 2.4C --> 3300mhz [color=black]-[/color] Mushkin PC3200 at 220 5-2-2-2 (cpu limited) [color=black]-[/color] BBAti 9800Pro at 430/375 [/color]
[color=black]3[/color][color=gray]D[/color]M[color=black]a[/color][color=gray]r[/color]k[color=yellow]01[/color] [color=black]3[/color][color=gray]D[/color]M[color=black]a[/color][color=gray]r[/color]k[color=yellow]03[/color] 1600*1200 1280*1024

MIG-31

after all the hype about blaster and to say that the time i spent post linked emails to those who i know aswell.

__________________

Logla

Our company had lots of our engineers in on Saturday (I got out of it ) to scan HUNDREDS of our customers pcs and about 100 servers. All for (almost) nothing.

MIG-31

but that keeps you going.jus think of all the money your place gets out of that.

pity you won't see much of it!!

__________________

Logla

Now heres the funny part - they wont get anything. They signed the customer up to a support agreement which means things like Virus infections are our fault therefore we pay.

the customer owns the network but we run it for them and support all kit attached to it. This means that we have to activley enforce virus protection accross the servers and try to get the customers to keep their machines updates. This is rather difficult to do as the customers forget to update every week. The company gets a fixed amount each year for the support so it would have cost us to come in this weekend. The only way to get any extra money out of them is to prove that they infected their own machines. this becomes virtually impossible as we probably support somewhere in the region of 10,000 pcs and a couple of hundred servers - this is a very large corporate WAN.

Did I mention I hate virus writers. idots

MIG-31

didn't look at that way,i would say who needs the support but don't want to speak to soon.

__________________

Logla

Theres one thing though - They keep me in a job

MIG-31

thats one advantage in your favour.pays the bills.

__________________