• About us
• Noticeboard
• In the news
• Business survival
• Knowledge centre
• Business helpline
• Humour
• Contact Us

You are here: Home > Noticeboard > Virus alerts > Blaster worm attacks small businesses

• Business diary
• Can you help . . .
• Features and offers
• IT tips
• Quick wins
• Tax and Red Tape
• Virus alerts
• What's new on topenterprise
• Could you help answer our short survey?
  Please Click Here

Blaster worm attacks small businesses

Users of PCs and servers infected by Blaster will find their PCs rebooting repeatedly when they connect to the Internet.

31 10 2003

Symptoms -

Users of PCs and servers infected by Blaster will find their PCs rebooting repeatedly when they connect to the Internet.
PCs will continue to reboot after each successive attempt to connect.
Users of PCs and servers infected by the Blaster worm may experience slow responses and frequent, unexplained ‘crashes’.

Users generally may find that they are unable to access the security patch via Microsoft’s web site due to attacks generated by the Blaster worm.

Cause -

Security gaps in Microsoft operating systems were found that could enable remote computers to gain unauthorised control over PCs and servers.

In July 2003 Microsoft made software patches available to users via their web site to combat the security risks. Blaster was first reported on August 11 2003 when it exploited these security loopholes on systems that had not been updated with this security patch.

Your firewall software may not be completely effective because Blaster uses a security gap in the operating system itself.

Action -

Users of Microsoft operating systems should immediately
- check which type of operating they use (e.g. Windows 2000, server 2003, NT 4.0 or the newest XP version)
- verify whether the patch has been applied already
- and if necessary download and install this new security measure from Microsoft.

Also follow Microsoft’s recommendations to block ports at your firewall. Blaster is expected to generate a synchronized attack by infected machines on Microsoft’s web site to deny users access to the necessary security update.

If you have a PC that is already infected, use another ‘clean’ PC to access Microsoft’s web site and obtain instructions on how to connect to the Internet and avoid the Blaster reboot problem, so you can install the security patch on your own PC.

Details -

Blaster is also known as LoveSAN, Lovsan and Poza. It is not restricted to business IT systems and does not propagate itself via e-mail, as others often do.

To date it has been relatively slow moving but it is believed to have infected over 100,000 sites around the world. Viruses often mutate rapidly so further variants of this worm are quite likely in the future.

For more information about Blaster and to download the patch -
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

More like this View keywords

Related Articles:

• Mimail steals credit card information – upgraded to Level 3 risk by Symantec
• MyDoom worm
• Netsky Internet worm
• UK small businesses trail behind Europe on cyber-security
• Critical threats to Windows users – April 2004
• 'Sasser' worm upgraded to Category 4 threat
• What is an Internet worm?
• Bagle running wild on the Internet
• Microsoft announces emergency security fix for Internet Explorer
• Small companies must respond to computer virus danger warnings
• Where did these come from?

• Privacy
• Copyright
• Terms of use