RealTime IT News

Microsoft Gears for 'Blaster' DoS Attack

Microsoft has battened down the hatches to prepare for an expected denial-of-service (DoS) attack on its WindowsUpdate.com security site at midnight on August 15.

The DoS attack, which is being triggered by the fast-spreading 'Blaster' worm, could make it impossible to access the Microsoft Web site that is used to distribute security patches. Because the worm is programmed to hammer WindowsUpdate.com with heavy traffic over the weekend, security experts are warning that the attack would "severely impact access to the website."

A Microsoft spokesman told internetnews.com the company was making special arrangements to deal with the attack. "We are already dealing with very heavy traffic on WindowsUpdate.com because users are downloading and applying patches. This is something we expected so we were prepared for the increase in activity," the spokesman said.

He declined to provide details on specific plans to deal with the DoS attack and urged Windows users to apply the software patch before the weekend to lessen the impact of the attack.

Graham Cluley, a spokesman for Mass.-based online security specialists Sophos, agreed. "The reality of a denial-of-service attack limiting access to the patches is all the more reason to apply the patch immediately," Cluley said.

He said the 'Blaster' worm, which started to infect Windows systems worldwide this week, was designed to cause "maximum mischief."

"The worm's author is clearly looking to cause maximum mischief. He is infecting thousands of machines, and then he's targeting the place to find the fix. People cannot sit on their hands and wait until the weekend. This is a very serious issue," Cluley declared.

"It's only when Microsoft's update website comes under attack that we'll have any idea of just how widespread Blaster really is. It's likely that the first wave of attacks will take place as the clocks turn midnight in AsiaPac, that's early morning on Friday in the US. These attacks could potentially snowball during the day as the rest of the world begins their day," Sophos said.

He noted that Microsoft and the Department of Homeland Security (DHS) issued reminders about the seriousness of the security hole several weeks ago but lamented the fact that millions of susceptible users have been lax about securing their systems.

"A lot of home users in particular have not been serious about virus protection. This worm doesn't travel via e-mail so it's impossible to rely on e-mail scanners. My suspicion is that the majority of users infected with 'Blaster' are home users of small businesses. Home users are too laid back when it comes to securing systems," Cluley added.

"To their credit, Microsoft has made it fairly easy for users to patch their computers. There really is no excuse for not applying fixes. This is the ultimate wakeup. You have to wonder what more Microsoft can do to get people to pay attention to security. Should they take out TV ads when they find a flaw? Should they fly a plane with a big banner? Whatever you do, there's always going to be people who ignore it," the Sophos technology consultant lamented.

"We have dealt with people who haven't applied a security patch in three years. So, in a sense, we shouldn't be surprised that people haven't patched a hole that was only found four weeks ago," he added.

Meanwhile, Microsoft has taken the unusual step of posting a 'critical' 'Blaster' advisory atop its TechNet security section to provide specifics on prevention and disinfection.

For information on detecting and deleting the worm, see: