Did the Blaster Worm get YOU?

energy

Did the Worm get YOU?

Okay, my questions have been answered. Here's another one. Anybody get hit with the worm blaster virus? We did and it took about 3 hours to fix it. Yes, I did it all by my lonesome. For a computer novice it was a sense of accomplishment. Put in a firewall, downloaded the recommended patches from Mickey Soft and managed to update Norton's virus definitions before those PIA shutdowns. :)
 
Good question Energy,

Personally, the only thing I noticed was that the internet suddenly reminded me of Speedy Gonzales. Everything worked at lightning speed. Not really the effect one would have expected, eh?

The simple reason seems to be that very few people were online. Either they couldn't log on or maybe they were clever enough not to, I don't know. One Swedish newspaper posted a poll where over 35% claimed to have been affected in some way.

It's big and bad, all right... :eek:

/Claes
 
energy

The typical shutdown was after about 20 minutes on line. Then you had 60 seconds to save work and then you were down.

Web Worm Hits Windows, Crashes Computers

Updated 6:36 PM ET August 12, 2003


By Elinor Mills Abreu

SAN FRANCISCO (Reuters) - An Internet worm called "Blaster" that attacks Windows operating systems spread across the globe on Tuesday, infecting and crashing home and office computers faster than technicians could install safeguards.

A computer security expert said the worm, which specifically targets computers running Windows XP and Windows 2000, could spread for a few days before tapering off.

At least 124,000 computers using Microsoft Corp.'s <MSFT.O> Windows software have been infected worldwide, according to a sample by Symantec Corp.'s Security Response sensor network.

"Corporate networks are getting hit pretty hard," said Alfred Huger, a senior director of engineering at Symantec. "Hundreds of machines are spontaneously rebooting throughout the environment."

Johannes Ullrich of the SANS Institute said the rate at which the worm was spreading seemed to be slowing a bit late Tuesday afternoon. SANS (SysAdmin, Auditing, Networking and Security Institute) is a security training and information organization based in Bethesda, Maryland.

Russ Cooper of TruSecure Corp., a security services provider in Herndon, Virginia, said peak worm activity had occurred between 2 a.m. and 3 a.m. eastern time on Tuesday.

Computers infected by Blaster scan the Internet looking for other machines running Windows that have an open security hole -- one that has not been "patched" or given a fix from Microsoft. The worm then sends itself to those computers.

Windows 2000 and XP computers in North America were getting scanned or infected after being connected to the Internet for an average of 25 minutes, Huger said.

Although some corporate networks were slowed by the worm, no impact on overall Internet traffic was detected.

The worm, also called MSBlaster or LoveSan, surfaced on Monday in the U.S. and quickly spread, taking advantage of a security hole discovered last month in Windows 2000, Windows XP, Windows NT, and Windows Server 2003 operating systems.

Patches for the hole, except for Windows NT 4.0, which the company no longer supports, were put online by Microsoft.

POORLY WRITTEN

The worm crashes some systems and infects others, but otherwise does no damage, Microsoft said.

"It's certainly not a good thing," Microsoft spokesman Sean Sundwall said. But, "it has not spread at the speed with which more notorious worms, such as Slammer and I Love You and Code Red, did."

That is because the worm was poorly written, according to Symantec's Huger, who said that new variations of it could be more virulent.

David Perry of Trend Micro, an anti-virus vendor based in Tokyo, noted that Slammer targeted SQL Server and Code Red targeted Microsoft's Web server program, which were used on fewer computers than XP and Windows 2000.

With Blaster, there are "100 million to 200 million machines that can be infected in the world, rather than a quarter of a million," Perry said.

Because Blaster does not spread through e-mail like worms typically do, most anti-virus software will not block it. However, anti-virus applications will let computer owners know if they have been infected and can help clean up the worm.

European and Asian anti-virus firms said they had heard from corporations that were infected as their systems went online. Some government agencies in the U.S. reported widespread systems problems.

The state of Maryland closed 23 Motor Vehicle Administration offices at mid-day and the system was shut down to apply patches, said spokesman Jack Cahalan.

The computer network at Philadelphia's City Hall was also hit by the worm, according to a city official. Stanford University said 2,500 computers were infected and a Department of Homeland Security spokesman said there were sporadic reports from federal agencies of computers hit by the worm.

The patch is available at http://www.microsoft.com/security/. (Additional reporting by Bernhard Warner in London, Yoo Choonsik in Seoul and Andrea Orr in San Francisco)
 
energy

I would get a NT Scanner Error message and then you watch the clock that tells you how much time you have left to save work before your computer automatically reboots. A real PIA. Initially it happened after 20 minutes on line. Then, I could be doing some documentation in Word and it would come on every 5 minutes or so. The difficult part of fixing it was being able to stay on line long enough to update your Virus Definitions. (Norton). Being a brand new virus and the automatic update was done a week ago, I think, the worm was blasting away at our WindowsXP system. I noticed a problem late in the day, the day before. Maybe it had babies. :)

Actually, here's the error message:

"NT Access Scanner Service has encountered a problem and needs to close. Sorry for the inconvenience." Then it tells you to save all work.
 
Randy Stewart

My software came up with a warning that the virus had been found and quarantined. It found it in one of the Temp Internet Files. It didn't get a chance to infect my home computer and at work we have so much security on our servers it was no problem.
 
Bob_M

I'm not sure what happened.

Monday (during pre-assessment) our HR mgr downloaded a MS update via the update page (possibly) and did the required reboot. After that she could not get beyond the blue/green screen of NT4 (no login option). After some bad advice from a "tech" person we've used before, machine got really screwed up.

I don't think it was the Blaster, but she thinks it is because of the timing.
Whatever!

Anyways I tried to repair NT with no luck.
2 installs of Windows 2000 later it's working again (long story).
Long boring Tuesday and Wednesday... :ko:

P.S. This is the computer that our Time Clock and Direct Deposit Hardware/Software is connected to. Surprisingly we got them both up and running with minimal tech support! :eek:
 
Sam

No problem, we have a very well informed computer staff that takes care of everything before we even boot-up in the morning.
 
energy

It took awhile

Randy Stewart said:
My software came up with a warning that the virus had been found and quarantined. It found it in one of the Temp Internet Files. It didn't get a chance to infect my home computer and at work we have so much security on our servers it was no problem.

After I updated Norton, I did a full system virus scan with no worm detected. In fact, after the scan, I had 2 more shutdowns and began to doubt the existence of the virus. I figured if I stayed off line until I figured it out, I could get some other work done. I prepared some Customer Surveys, yes we send them out after every job, when I got the dreaded shutdown warning. I saved everything and was scowling at the screen when Norton's "Virus Detected" message popped up behind the NT Scanner Message. It automatically deleted the W32.Blaster.com worm. The machine rebooted and did not shut down anymore. Then I went on line and had the Firewall Installed and downloaded the recommended patches from Mickey Soft. Good to go. :bonk:
 