Blaster Worm Still Active; Removal Tool Released
Tardy home users with unpatched systems are the main culprits.
Almost six months after the destructive 'MSBlaster' worm first appeared, Microsoft has released a removal tool with a firm warning that infected home users are still "actively transmitting" the worm.
The worm, which hammered corporate networks last summer, exploits a security flaw in Microsoft Windows' Remote Procedure Call (RPC) process. Even though a patch has been available for several months, Microsoft again warned that home users have been tardy about applying the fixes.
"For many users in this situation, there is little indication that they are infected other than possible performance degradation. And those infected are still actively transmitting the worm, causing Internet congestion in the process," a Microsoft spokesperson told internetnews.com.
The software giant blamed home users for not taking steps to disinfect their machines, despite the availability of two separate patches in recent months (MS03-026 and MS03-039).
The company released a detection and removal tool for Windows XP and Windows 2000 machines. The tool comes as a 317 KB download (3 to 5 minutes for dial-up connections).
According to a Microsoft spokesperson, Internet backbone providers are continuing to battle high network traffic as a result of the worm's activity. "[Backbone providers are saying] that the traffic level on their networks was still higher than many would have predicted. Trying to significantly reduce the number of infected PCs will help to relieve this traffic."
Microsoft's worm removal tool runs on systems that have already installed the MS03-026 and MS03-039 patches. It helps Windows 2000 and XP users find and remove common Blaster variants that may have infected systems before the patches were applied.
The company is also urging home users to enable the Internet Connection Firewall (ICF) that's embedded in Windows XP to automatically block Blaster mutants.
The MSBlaster worm, which used infected machines as a distribution mechanism, was one of several high-profile worms that hit Internet users in 2003. Security analysts rated 2003 as the worst ever in dealing with online security issues.
"This has been the worst ever. Without a doubt, malicious code came to a massive head in 2003... we saw a huge impact of malicious code on infrastructure. We had seen worms cause some disruption before, but mostly they'd been an annoyance. Now infrastructure is being impacted," according to Ken Dunham, director of malicious code at iDefense, Inc.
December 31, 2003