Worm blasts its way around globe

The Blaster worm is making itself felt on networks around New Zealand, but infected organisations have been able to limit the damage.

The Blaster worm is making itself felt on networks around New Zealand, but infected organisations have been able to limit the damage.

While network traffic levels are high around the country, several organisations are cleaning their systems of the worm itself.

University of Auckland information security manager Steve Taylor says the university was ready when Blaster hit.

"Obviously there was some infection, but we managed to contain it quite well because we did a lot of preparatory work when the vulnerability was first announced," he says.

"We've undergone an extensive patching programme over the past couple of weeks and of 9-10,000 machines on campus, only 400 were infected and within one day that was down to less than 90 and we expect to have them all cleared by [today]."

Auckland-based developer Peace Software was also hit, says general manager Ross Matheson.

“We did have some impact. It’s all been repaired now,” he said yesterday.

Technology chief Paul Grey says the effect of the worm was not major, affecting "some of our desktops, but not, as far as I’m aware, our development systems, because they’re all open systems-based”.

Some staff in the company’s US offices were affected earlier, he says, and that meant New Zealand did get a degree of “early warning”, which made the impact less severe than it might have been.

Research company NFO New Zealand was also struck early on Tuesday, although managing director Murray Campbell is downplaying the impact.

"It's nothing, really. Nothing to write a news story about."

Campbell says the infection knocked out NFO systems for "about 90 minutes" and the impact was minimal.

The Blaster worm doesn't appear to cause too much damage to infected systems - previous worms have deleted files or emailed documents; however, a flaw in the code can crash some machines.

The biggest problem Blaster is causing is a surge in network traffic.

TelstraClear's manager of solutions delivery and support, Peter Ambrose, says while overall the traffic increase is quite small, only about 1%, the telco has already dropped around 13 million packets of data.

"These worms tend to propagate pretty quickly."

Ambrose says TelstraClear won't be stuck with the bill.

"Because of the commercial agreement we have with our upstream provider no, we won't be paying for that traffic and neither will our customers."

The virus is also making itself felt in the US.

Maryland's Motor Vehicle Administration was forced to close all 24 offices and send several hundred staff home after being infected, according to The Baltimore Sun.

Philadelphia's city government has been badly hit with a third of its 15,000 PCs infected, according to NBC.

At the University of Florida, administrators were quickly able to stop the worm from spreading without affecting other applications in use on campus by blocking traffic to port 4444, according to Jordan Wiens, a network security engineer.

While Blaster uses port 135 to spread from computer to computer, it also opens a back door to the computer on port 4444 which is used to issue commands that download the worm code.

Paul Roberts of the IDG News Service's Boston Bureau contributed to this report.

Join the newsletter!

Error: Please check your email address.

Tags blaster

More about BaltimoreIDGNBCPeace SoftwareTechnologyTelstraClear

Show Comments
[]