Why did MSBlast fail to take down Microsoft?
Published: 28 Aug 2003 13:30 BST
The use of DNS in worms makes them considerably more difficult to deal with. That's why it's tough to stop the spread of MSBlast -- you can't simply block a TCP or UDP port without considering how it affects legitimate services. For example, blocking TCP port 135 on routers will stop MSBlast, but it will also stop other software that makes use of the DCOM service, such as Microsoft Exchange. If you're going to successfully block MSBlast, you'll need to do it on border Internet routers and accept that some of your Microsoft products are not going to work across the Internet.
So this time, a worm failed to live up to its hype. However, don't be too sure it won't be worse the next time. Remember that thousands of hosts are still infected with MSBlast, scanning like mad to infect other machines.
But it was an interesting week. Who could have expected that a worm (Nachi) would be released that disables MSBlast and tries to fix vulnerable machines? For now, MSBlast has not made much of a dent at Microsoft or caused too many problems for the Internet. And although the Nachi worm isn't exactly what I would call a "success," it's an intriguing solution for stopping MSBlast. Sometimes, there really are simple solutions to complex problems.
This article was originally published in the Internet Security Focus e-newsletter.