As the Worm Turns: Lessons from Blaster

Microsoft deserves some blame for the rapidly spreading Web virus -- but so do network administrators, ISPs, small businesses, and individual PC users.

Compared to the images of sweaty Gothamites trudging across the Brooklyn Bridge in 95-degree heat during the massive power blackout, the MS Blaster worm now seems like a walk in the park. Still, the latest worm to clog corporate networks and kludge the Net wreaked plenty of havoc in its own right. Internet security companies estimated losses from both downtime and wasted man-hours in the hundreds of millions of dollars for U.S. companies. And Blaster-infected machines significantly impacted the Internet. The stream of bogus requests generated by the worm slowed the DNS (domain name system) servers that act as the phone directories of the Internet. Compromised computers jammed up networks ranging from BMW in Germany to the Maryland Motor Vehicles Dept.

Like the Slammer and CodeRed worms before it, Blaster targeted computers running Microsoft Windows 2000 and Windows XP operating systems. The worm carries a small program designed to exploit a chink in Redmond's digital armor and insert a file deep into the operating system, in the Windows registry. The registry is a database where the most basic rules that govern how a Windows machine behaves are stored and categorized. Once Blaster inhabits the registry, it causes computers to restart without warning and to spew out thousands of connection requests per minute, in search of other machines to infect. The sheer volume of traffic caused enough digital noise to bog down networks.