Warning Goes Out about Blaster Email Hoax

Security analysts are warning IT managers and users about an email hoax that is playing off

people’s concerns about the Blaster worm.

A new backdoor Trojan, named the Graybird-A, is being disguised as a patch for the Microsoft

Windows vulnerability that the Blaster worm has been exploiting for the past week. The bogus

patch is coming attached to an email.

Microsoft has issued a statement warning users that the company never delivers software

directly via email. Patches can be downloaded from the official Microsoft Web site or from

CD-Roms or floppy disks.

”Packaging Graybird as a Microsoft patch is a very devious trick,” says Chris Belthoff, a

senior security analyst at Sophos, Inc., an anti-virus and security company. ”Blaster is

believed to have infected hundreds of thousands of computers around the world, and this is a

deliberate attempt to exploit users’ panic. Never trust unsolicited executable code that

arrives via email. Businesses should consider blocking all executable code at the email

gateway so it cannot reach their users.”

Users will be getting its Windows patches from a different Microsoft Web address than usual.

Because of the Blaster worm, Microsoft also has killed off its windowsupdate.com Web site.

The Blaster worm was launching a distributed denial-of-service attack (DDoS) through

infected computers against the windowsupdate.com Web site starting on Saturday, Aug. 16.

Instead of suffering through the attack or trying to ward it off, Microsoft simply shut down

the address.

Users can access Windows patches via the www.Microsoft.com site or the new

http://windowsupdate.microsoft.com site.

”Users should not think this step means they no longer have to do anything about the

Blaster worm,” says Graham Cluley, senior technology consultant for Sophos. ”All computer

users still have a responsibility to ensure this worm has no hiding place on their PCs. So,

install the patch from Microsoft, ensure your firewall is properly configured, and confirm

your anti-virus is up-to-date.”

The Blaster worm was first detected on Aug. 11. It quickly spread from machine to machine

across the globe through a flaw in the Windows operating system. But the worm doesn’t carry

a destructive payload, only causing a small percentage of infected computers to reboot

because of a flaw in its own coding.

Instead, Blaster, otherwise known as LovSan and Poza, is specifically aimed at causing

trouble for Microsoft. The worm is geared to harvest as many vulnerable systems as possible

and launch a DDoS attack on the windowsupdate.com Web site. By focusing all the net

congestion on that Web site, the author of the worm was deliberately trying to make it

difficult for IT managers and individual users to download the patch they need to secure

their systems against the worm.

Blaster exploits a flaw in the Remote Procedure Call (RPC) process, which controls

activities such as file sharing. The flaw enables the attacker to gain full access to the

system. The vulnerability itself, which affects Windows NT, Windows 2000, Windows 2003 and

Windows XP machines, affects both servers and desktops, expanding the reach of any exploit

that takes advantage of it.

Where the vulnerability affects servers and desktops in such popular operating systems,

there are potentially millions of vulnerable computers out there right now. The security

industry sent out a widespread warning about two weeks ago, spurring many companies to

install the necessary patch, which was available from Microsoft a month ago.

RELATED NEWS AND ANALYSIS

• Ethics and Artificial Intelligence: Driving Greater Equality

  FEATURE |  By James Maguire,
  December 16, 2020

• AI vs. Machine Learning vs. Deep Learning

  FEATURE |  By Cynthia Harvey,
  December 11, 2020

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2021

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020