When we mention Gusano Blaster, the name of a video game might come to mind, or given the current virus situation, it might seem like a new strain of something unknown. And, indeed, there is a virus, but not something that we do not know, since its name has become quite famous.
Well, today is the day 19 years of that 2003 in which this computer worm carried out one of the worst attacks on Windows in history. And it was he, also known as MSBlast and Lovesan, who was first discovered on August 11 of the same year.
Its target was clear, and in this case it was the Microsoft Windows XP and Windows 2000 operating systems. The worm attacked computers by taking advantage of a company security vulnerability and created distributed denial of service (DDoS) attacks on the Microsoft website, forcing them to delete windowsupdate.com.
This affected over 100,000 Microsoft computers. The virus automatically spread to other machines by transmitting through email and other systems in an impressively fast and unstoppable way.
What is a computer worm and how does it work?
In context, a computer worm is a type of malware that distributes copies of itself from one computer to another. This process does not require human intervention and does not require connection to the program to cause damage.
They are usually transmitted through vulnerabilities, although also, as we say in this case, they may come as attachments to spam emails or messages.
Once opened, these files may provide a link to a malicious website or automatically download a computer worm. Once installed, the worm silently gets to work and infects the machine without the user noticing it.
As for the damage that can be done, we find file deletion and even may contain additional malwarel transfer it to the same computer.
Logically, in addition to gradually eating up space on the hard drive of our computer, occupying it with its replicas, it can overload the network and leaving the door open for a hacker to take control of the machine.
How the Blaster Worm Infected Systems in 2003
Between January and August, he launched a denial of service for the windowsupdate.com website. Then in the remaining months (from September to December) the attacks occurred daily.
blaster worm forced the system to reboot every 60 seconds and on some computers it caused a blank splash screen.
As it became known over time, he took advantage of a buffer overflow error and it spreads by sending spam to a large number of IP addresses. This downloaded the “msblast.exe” file to the Windows directory and ran it. If he was able to handle the situation, you were lost and the spread was unstoppable.
Once it infected the giant network, it quickly launched an attack because firewalls didn’t prevent internal machines from using a particular port. In other words, he seemed unstoppable.
The executable file of the worm contained a message with a link to the co-founder of MicrosoftBill Gates: “Billy Gates, why are you making this possible? Stop making money and fix your software.” There was another message “I just want to say that I love you, San.“, giving the alternate name Lovesan.
In this case, the affected computers were used as a means of spreading the virus to other machines. Many security experts called that year one of the worst in history for virus threats that pose a huge risk to the security of Internet users.
The vulnerability was later disclosed by the Last Stage of Delirium (LSD) security team. Later, it was possible to find out for sure that the affected operating systems were Windows XP, Windows NT 4.0 and Windows 2000.. After the vulnerability was discovered, thanks to this team, Microsoft published two different patches (MS03-026 and MS03-039) on their website that fixed the situation.
Its creator, Jeffrey Parson, aged 18, he was arrested and finally sentenced to 18 months in prison.
Source: Computer Hoy