Sunday, August 17, 2003
Microsoft Declares End To Major Combat Operations

The Financial Times is reporting that Microsoft claims victory over the Blaster worm:

Microsoft said it had thwarted a hacker's attempt to attack the software maker's most important website with a computer worm that itself contained a critical flaw.

The so-called Blaster worm, which still infects an estimated 300,000 computers worldwide, was programmed to bombard the Windows Update site from the stroke of midnight in each country Saturday morning. The attacks began midmorning Friday in the United States when clocks on infected computers in Australia struck midnight.

But security experts said the worm was poorly designed because it targeted the "" website, which redirected users to Microsoft's update page, "", rather than targeting the actual update page itself.

I think Microsoft's declaration will have as much validity as Bush's "Mission Accomplished" stunt. I'm still getting scanned about 20 times an hour by computers just on my ISP's network which are still infected with Blaster, and all Microsoft did was skirt a poorly executed attack. We are not out of the woods yet by any stretch. Given the company's track record with security, I'm not feeling good about the next inevitable incident. I'm sure a programmer who's less lazy than Blaster's is cooking up a good one.

So if you haven't done so yet, patch your machine now. Don't become a poster child for bad security like your esteemed blogger, who really should know better.


