Microsoft Web Site Hit by DoS Attack

With a new version of the W32.Blaster worm on the loose and rumored to be set to spawn a massive denial-of-service attack on a Microsoft Web site Saturday, the software maker has released a set of security guidelines for users in an effort to minimize the damage.

Ironically, the call for preventative measures came while the software maker was investigating another DoS attack on its site that occurred late Thursday. A Microsoft spokesperson said Friday the current attack is not due to Blaster, however, and that the company is still investigating the cause.

Meanwhile, the possibility of an attack from Blaster still looms.

Vicious Worm

The current variation of the W32.Blaster worm could affect computers running the Windows 2000, Windows XP, Windows NT and Windows Server 2003 software, Microsoft said.

The worm takes advantage of a known vulnerability in a Windows component called the Distributed Component Object Model.

The worm causes PCs to repeatedly crash and could potentially use infected machines to launch a DoS attack on the Windowsupdate.com site on Saturday.

The software giant is advising users of the vulnerable software to update their PCs with the latest patches and turn on Autoupdate to simplify the process for installing future updates. Users are instructed to install and use antivirus software and to use a firewall.

"Many resources have been deployed to help ensure that customers have the guidelines and tools they need to enhance their computer security," Microsoft's Senior Director of Trustworthy Computing Jeff Jones said in a statement released Friday.

New Tool Offered

Also on Thursday, Microsoft released a new tool that customers can use to scan computer networks for machines that are vulnerable to attack by the Blaster worm.

The tool works on a variety of Windows operating systems and enables Windows customers to confirm that a necessary software patch has been applied, according to Jeff Sharpe, a Microsoft spokesperson. That patch, MS03-026, was released in July and prevents infection from Blaster.

Microsoft is providing a link to the free tool on a special Web page set up to respond to the Blaster worm outbreak, which has affected hundreds of thousands of Windows machines worldwide.

However, David Litchfield, a security expert and cofounder of Next Generation Security Software in the U.K., says he is surprised Microsoft did not advise users to simply disable DCOM.

"DCOM is not needed by 99.9 percent of home users," Litchfield says, "but it is enabled by default." According to Litchfield, DCOM allows users to access to a program from another computer.

Massive Attack

The new Blaster worm first appeared on the Internet Monday and quickly spread. According to antivirus firm Network Associates, the worm had infected between 250,000 and 1 million computers as of Thursday.

Now Microsoft fears the infected computers will launch a DoS attack against its Windows update site, causing the site to run slowly or be inaccessible to customers.

While confirming a DoS attack brought down the company's main Web page, microsoft.com, late Thursday, spokesperson Sean Sundwall says windowsupdate.microsoft.com is unaffected by the attack and has not been not offline.

The software maker said Friday it is taking aggressive steps to keep the site up, but if it becomes inaccessible users will be able to access and download the Blaster patches at the company's security site. More detailed instructions on how to take the preventative measures are also detailed at that address.