NEWS FROM THE LAB - Tuesday, August 10, 2004

Blaster - One Year Later Posted by Mikko @ 15:42 GMT

The Blaster (aka Lovsan) Internet worm outbreak happened a year ago, on the 11th of August, 2003. Together with Welchi, a related worm which was found few days later, this was a massive outbreak. Blaster is among the three largest Internet worm outbreaks ever (the other two being Slammer and Sasser).

Blaster also launched a DDoS attack against windowsupdate.com. Result: windowsupdate.com was taken down by Microsoft, and it's still down today (but www.windowsupdate.com works). Blaster is still in the net, scanning for vulnerable hosts. It will continue to be there for years.

Blaster's outbreak was massive, and affected Windows PCs started rebooting continuously. Many organizations were hit badly, including several banks and airlines. The seriousness of this case was probably one of the reasons why Microsoft put so much effort into SP2 for Windows XP… which was released almost exactly on the anniversary of the outbreak.

To get some impression on how serious Blaster was, read this snippet taken from the web page of CSX, one of the largest railroad operators in the USA: