Blaster worm remembered six years after it hit Windows

Today marks the sixth anniversary of the Blaster worm.

The Blaster worm, also known as Lovsan or Lovesan, spread on computers running the Microsoft operating systems Windows XP and Windows 2000. It was first noticed and started spreading on 11th August 2003, with a peak on 13th August.

Sixteen days later, Jeffrey Lee Parson, an 18-year-old from Hopkins, Minnesota, was arrested for creating the B variant of the Blaster worm; he admitted responsibility and was sentenced to an 18-month prison term in January 2005.

Another Blaster copycat author, Dan Dumitru Ciobanu, then 24, was arrested by Romanian police for creating a relatively tame variant of the malware.

Court papers showed that the original Blaster was created after a Chinese hacking collective called Xfocus reverse-engineered the original Microsoft patch, a step that allowed for execution of the attack.

Blaster then spread by exploiting a buffer overflow discovered by the Polish hacking group 'Last Stage of Delirium'. This allowed the worm to spread without users opening attachments, simply by spamming itself to large numbers of random IP addresses. Four versions have been detected in the wild.

Blaster was programmed to start a SYN flood on the 15th August against port 80 of windowsupdate.com, in order to create a distributed denial-of-service attack (DDoS) against the site.

However, Microsoft ensured that the damage was minimal, as the site targeted was windowsupdate.com instead of windowsupdate.microsoft.com, to which it was redirected. The company temporarily shut down the targeted site to minimise potential effects from the worm.
