Experts: Web attack may hit Microsoft Saturday

Wednesday, August 13, 2003 Posted: 1615 GMT (12:15 AM HKT)

Story Tools VIDEO KIRO's Debbie Horn reports on the worm's spread. PLAY VIDEO RELATED • Internet worm spreading rapidly  • Experts anxious over possible Net attack  • Microsoft Windows update  QUICKVOTE Has your computer ever been affected by a virus or worm? Yes No VIEW RESULTS

LONDON, England (Reuters) -- Like sharp-shooters armed and ready to fire, hundreds of thousands of computers are poised to let fly a potentially crippling data attack on a lone Web site belonging to software giant Microsoft Corp.

Starting Saturday, August 16, each computer infected by the "MSBlaster" or "LoveSAN" Internet worm will begin sending packets of data several times per second to the Microsoft site in an attempt to knock it offline.

The targeted Web site is windowsupdate.microsoft.com, the site Microsoft uses to distribute updates of its Windows operating system that runs an overwhelming majority of the world's computers.

Blaster has been spreading across the Internet since Monday. Security experts in Europe Wednesday reported that the worm, which targets computers running on Windows XP, Windows 2000, Windows NT and Server 2003 software, was still infecting machines, though at a slower rate.

But the clean-up is far from over.

"Most (IT technicians) today are trying to determine what will be the impact to their systems when this attack is scheduled to go off," said Mikko Hypponen, manager of anti-virus research for Finnish computer security firm F-Secure.

Home and corporate users hit

Blaster has hit both home and corporate users, making an accurate toll of infected computers difficult to measure. But computer experts following the worm's progress estimated it had infiltrated hundreds of thousands of machines around the world.

The worm, which spreads via an ordinary Internet connection, was described by various network security specialists as a "ticking bomb," though there was much debate over whether it would be a boomer or a dud.

With such a coordinated volley of data timed to deluge a single site, it leaves the overall Internet susceptible to slowdowns, though many security professionals were playing down that scenario Wednesday.

A shutdown of the Windows "update" site, the only place to fortify a computer against Blaster, is more likely, they said.

"It's a game of beat the clock," said Raimund Genes, European president of security firm Trend Micro. "People will be working overtime to patch their systems before Saturday to get rid of Blaster."

The worm can be eradicated by downloading the patch off www.windowsupdate.com and re-booting the machine. Microsoft said the worm may cause systems to crash at first, but did not damage the victim's computer.

Gussipekka Pispa, director of information technology at Finland's Tampere University of Technology, told Reuters he and his team were working around the clock to check hundreds of computer servers for signs of a Blaster infestation.

Should the computers start firing data requests at the Microsoft site Saturday, it could bog down the university's network. "It's a big job," Pispa said.