Blaster worm remembered six years after it hit Windows

News by SC Staff

Today marks the sixth anniversary of the Blaster worm.

Today marks the sixth anniversary of the Blaster worm.

The Blaster Worm, which was also known as Lovsan or Lovesan, spread on computers running the Microsoft operating systems Windows XP and Windows 2000. It was first noticed and started spreading on 11th August 2003 with a peak on the 13th August.

Sixteen days later Jeffrey Lee Parson, an 18-year-old from Hopkins, Minnesota was arrested for creating the B variant of the Blaster worm; he admitted responsibility and was sentenced to an 18-month prison term in January 2005.

Another Blaster copycat author Dan Dumitru Ciobanu, then 24, was arrested by Romanian police for creating a relatively tame variant of the malware.

Court papers showed that the original Blaster was created after a Chinese hacking collective called Xfocus reverse engineered the original Microsoft patch that allowed for execution of the attack.

Blaster then spread by exploiting a buffer overflow discovered by the Polish hacking group ‘Last Stage of Delirium'. This allowed the worm to spread without users opening attachments simply by spamming itself to large numbers of random IP addresses. Four versions have been detected in the wild.

Blaster was programmed to start a SYN flood on the 15th August against port 80 of, in order to create a distributed denial-of-service attack (DDoS) against the site.

However Microsoft ensured that the damage was minimal as the site targeted was instead of to which it was redirected. It temporarily shut down the targeted site to minimise potential effects from the worm.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews