Microsoft Gears for ‘Blaster’ DoS Attack

Microsoft has battened down the hatches to prepare
for an expected denial-of-service (DoS) attack on its WindowsUpdate.com
security site at midnight on August 15.

The DoS attack , which is being triggered by the
fast-spreading ‘Blaster’ worm, could make it impossible to access the
Microsoft Web site that is used to distribute security patches. Because the
worm is programmed to hammer the WindowsUpdate.com with heavy traffic over
the weekend, security experts are warning that the attack would “severely
impact access to the website.”

A Microsoft spokesman told internetnews.com the company was making
special arrangements to deal with the attack. “We are already dealing with
very heavy traffic on WindowsUpdate.com because users are downloading and
applying patches. This is something we expected so we were prepared for the
increase in activity,” the spokesman said.

He declined to provide details on specific plans to deal with the DoS
attack and urged Windows users to apply the software patch before the
weekend to lessen the impact of the attack.

Graham Cluley, a spokesman for Mass.-based online security specialists
Sophos, agreed. “The reality of a denial-of-service attack limiting access
to the patches is all the more reason to apply the patch immediately,”
Cluley said.

He said the ‘Blaster’ worm, which started to infect Windows
systems
worldwide this week, was designed to cause “maximum
mischief.”

“The worm’s author is clearly looking to cause maximum mischief. He is
infecting thousands of machines, and then he’s targeting the place to find
the fix. People cannot sit on their hands and wait until the weekend. This
is a very serious issue,” Cluley declared.

“It’s only when Microsoft’s update website comes under attack that we’ll
have any idea of just how widespread Blaster really is. It’s likely that
the first wave of attacks will take place as the clocks turn midnight in
AsiaPac, that’s early morning on Friday in the US. These attacks could
potentially snowball during the day as the rest of the world begins their
day,” Sophos said.

He noted that Microsoft and the Department of Homeland Security (DHS) issued
reminders
about the seriousness of the security hole several weeks ago
but lamented the fact that millions of susceptible users have been lax about
securing their systems.

“A lot of home users in particular has not been serious about virus
protection. This worm doesn’t travel via e-mail so it’s impossible to rely
on e-mail scanners. My suspicion is that the majority of users infected
with ‘Blaster’ are home users of small businesses. Home users too laid back
when it comes to securing systems,” Cluley added.

“To their credit, Microsoft has made it fairly easy for users to patch
their computers. There really is no excuse for not applying fixes. This is
the ultimate wakeup. You have to wonder what more Microsoft can do to get
people to pay attention to security. Should they take out TV ads when they
find a flaw? Should they fly a plane with a big banner? Whatever you do,
there’s always going to be people who ignore it,” the Sophos technology
consultant lamented.

We have dealt with people who haven’t applied a security patch in three
years. So, in a sense, we shouldn’t be surprised that people haven’t
patched a hole that was only found four weeks ago,” he added.

Meanwhile, Microsoft has taken the unusual step of posting a ‘critical’
‘Blaster’ advisory atop its TechNet security section to provide
specifics on prevention and disinfection.

For information on detecting and deleting the worm, see:

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web