• United States
Senior Editor, Network World

Symantec: Blaster victims top 330,000 machines

Aug 14, 20032 mins

The Blaster worm – also known as MSBlast or LoveSAN – has hit at least 330,000 machines around the world as of Thursday afternoon, according to Symantec, which has been tracking the spread of the worm since it first appeared Monday.

“The actual number is probably much larger,” acknowledged Vincent Weafer, senior director for security response at Symantec, which has a worldwide tracking system of firewalls, intrusion detection systems and other equipment to tally an estimate.

Symantec said the count could be as much as a million, making Blaster one of the most widespread computer worms ever, though still probably a bit behind the notorious Nimda, SQL Slammer and Code Red. Another security firm, RedSiren, is pegging the damage in terms of lost productivity related to IT staff detecting and cleaning infected systems to be at least $320 million alone.

Even as the machine “body count” rises on the unpatched XP, NT, Windows 2000, Windows 2003 machines blasted by Blaster, one of Microsoft’s arch-rivals, Sun, took the occasion to remind the world that there are alternatives to Microsoft-based products.

Sun director of marketing in the desktop solutions division, Peder Ulander, noted that the company in September is scheduled to unveil its Linux- and Solaris-based product suite called “Mad Hatter,” which includes Java-based office-productivity applications.

“It will have product functionality that will give enterprises 80% of what they need,” Ulander claimed. “It’s e-mail, presentation software, graphics, a database, contact management, the mozilla browser.”

Mad Hatter as a suite will also include instant messaging, collaboration software and a server for identity management. Ulander said companies should consider it an alternative to Microsoft-based products that are so subject to viruses, worms and security flaws.

Even as Blaster continues to spreading, and is expected to launch a denial-of-service attack against the Microsoft Windows Update site this Saturday, there are concerns among security professionals that a new round of Blaster-like worms is on the way.

So far, there are known to be at least two “B” variants on Blaster that carry Trojans. Up till now there is no evidence that either of these are taking off in the same way as Blaster has so far, according to both Network Associates and Symantec.