In summer 2003, if you were a PC support specialist, the dialog box above meant that your life was hell. The malicious software attack called MSBlast/32 (aka Blaster) spread over networks using the RPC protocol and caused affected computers to go into a spontaneous reboot loop. This contemporaneous SANS writeup notes that this worm had the potential to be more than annoying: It could have allowed an attacker to run code with Local System privileges on the compromised system. Fortunately, whoever wrote Blaster was apparently more interested in creating havoc.
Blaster’s incredible effectiveness was directly attributable to a terrible decision Microsoft made with Windows XP, which included an effective firewall that was turned off by default.
Windows has included an update utility since Windows 95, and Automatic Updates were introduced with Windows Me in 2000.
It wasn’t until 2003, however, that Microsoft systematized its process for issuing security updates. Security updates are provided on the second Tuesday of each month—Patch Tuesday. Non-security updates are provided on the fourth Tuesday of each month. Microsoft began this program so that corporate customers could plan for testing and installation of security updates. Although it was a controversial decision, today it’s generally regarded as effective.
On rare occasions—once a year or so—Microsoft releases an “out of band” update to address an issue that can’t wait until the next month’s Patch Tuesday.
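The schedule described above is easy to get wrong by hand when planning test and deployment windows, so here is a small helper that computes the security (second Tuesday) and non-security (fourth Tuesday) release dates for any month, plus the next upcoming Patch Tuesday from a given day, with month and year rollover handled. This is an added example for this page, not Microsoft's code or any official calendar; the function names are my own, and the only facts it encodes are the two Tuesday rules stated above (out-of-band releases are, by definition, not predictable and are not modelled).

```python
import calendar
from datetime import date


def nth_weekday(year: int, month: int, weekday: int, n: int) -> date:
    """Return the date of the n-th occurrence of `weekday` (calendar.MONDAY..SUNDAY)
    in the given month, or raise ValueError if that month has no such occurrence."""
    first = date(year, month, 1)
    # Days from the 1st of the month to the first occurrence of the requested weekday.
    offset = (weekday - first.weekday()) % 7
    day = 1 + offset + 7 * (n - 1)
    if day > calendar.monthrange(year, month)[1]:
        raise ValueError(f"no {n}th occurrence of weekday {weekday} in {year}-{month:02d}")
    return date(year, month, day)


def patch_tuesday(year: int, month: int) -> date:
    """Security update day: the second Tuesday of the month."""
    return nth_weekday(year, month, calendar.TUESDAY, 2)


def nonsecurity_tuesday(year: int, month: int) -> date:
    """Non-security update day: the fourth Tuesday of the month
    (always exists, since 1 + 6 + 21 = 28 never exceeds a month's length)."""
    return nth_weekday(year, month, calendar.TUESDAY, 4)


def next_patch_tuesday(today: date) -> date:
    """First Patch Tuesday on or after `today`, rolling into the next month
    (and into the next year from December) when this month's has passed."""
    candidate = patch_tuesday(today.year, today.month)
    if candidate >= today:
        return candidate
    if today.month == 12:
        return patch_tuesday(today.year + 1, 1)
    return patch_tuesday(today.year, today.month + 1)


def release_calendar(year: int) -> list:
    """One row per month with both scheduled release dates, for planning a test/deploy window."""
    return [
        {"month": m, "security": patch_tuesday(year, m), "nonsecurity": nonsecurity_tuesday(year, m)}
        for m in range(1, 13)
    ]


if __name__ == "__main__":
    # 2003 is the year the page says the monthly process was put in place.
    for row in release_calendar(2003):
        print(f"{row['security']:%Y-%m}  security {row['security']:%d}  non-security {row['nonsecurity']:%d}")
```

Run it as a script to print the full-year table; import it to feed a change-management calendar. A practical use of `next_patch_tuesday` is computing the end of the testing window: the gap between the printed date and your own deployment deadline is the time available to validate the updates before they go to production.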
Netsky was one of the first truly creative mass-mailing worms, using an extensive menu of options to fool recipients into opening the malicious attachment. It mixed and matched subjects, message bodies, attachment names, and fake assurances that the file had been scanned by a reputable antivirus program and declared clean. The author was an 18-year-old German, who had also written the infamous Sasser worm.
Netsky was annoying (one variant caused infected PCs to beep in the wee hours of the night) but not destructive. (This CA writeup has more details.)
The source code contained numerous insults aimed at other virus writers.
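The two traits the page attributes to these mass mailers, an executable attachment and a self-asserted "scanned and clean" claim in the body, are exactly what a mail gateway can key on, because the claim is made by the sender and is worthless as evidence. The triage function below is an added example written for this page, not code from Netsky, from the CA writeup or from any product; it parses a raw RFC 822 message with Python's standard `email` package and returns a verdict with reasons. The two sample messages are constructed here for the demonstration, and the extension list and the wording matched by the regular expression are my own choices, not something the page specifies.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from os.path import splitext

# Extensions that Windows will execute directly; a constructed list for this example.
EXECUTABLE_EXTENSIONS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd"}

# Sender-supplied "this file is clean" wording. The sender is the party under
# suspicion, so such a claim raises rather than lowers the score.
CLEAN_CLAIM = re.compile(
    r"(scanned|checked)\b.{0,60}\b(virus|antivirus|anti-virus)"
    r"|no virus(es)?\b.{0,20}\bfound"
    r"|virus[- ]free",
    re.IGNORECASE | re.DOTALL,
)


def triage(raw_message: str) -> dict:
    """Classify one message: 'quarantine' (executable attached), 'review'
    (only a self-asserted clean claim), or 'deliver'."""
    msg = message_from_string(raw_message, policy=policy.default)
    attachments, body_parts, reasons = [], [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:
            attachments.append(filename)
        elif part.get_content_type() == "text/plain":
            body_parts.append(part.get_content())
    for name in attachments:
        if splitext(name)[1].lower() in EXECUTABLE_EXTENSIONS:
            reasons.append(f"executable attachment: {name}")
    body = "\n".join(body_parts)
    if CLEAN_CLAIM.search(body):
        reasons.append("sender asserts the attachment was scanned and is clean")
    if any(r.startswith("executable attachment") for r in reasons):
        verdict = "quarantine"
    elif reasons:
        verdict = "review"
    else:
        verdict = "deliver"
    return {"subject": msg["Subject"], "verdict": verdict, "reasons": reasons}


def build_sample(subject: str, body: str, filename: str, maintype: str, subtype: str) -> str:
    """Construct a multipart test message with one attachment (sample data, not a real capture)."""
    m = EmailMessage()
    m["From"] = "sender@example.test"
    m["To"] = "recipient@example.test"
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"\x00" * 16, maintype=maintype, subtype=subtype, filename=filename)
    return m.as_string()


# Constructed samples: a lure in the style the page describes, and a legitimate report.
LURE_SAMPLE = build_sample(
    "Re: Your document",
    "Please see the attached document.\n"
    "This file has been scanned by our antivirus software and no virus was found.",
    "document.pif", "application", "octet-stream",
)
BENIGN_SAMPLE = build_sample(
    "Q3 report",
    "Attached is the quarterly report we discussed.",
    "report.pdf", "application", "pdf",
)

if __name__ == "__main__":
    for sample in (LURE_SAMPLE, BENIGN_SAMPLE):
        print(triage(sample))
```

The verdict deliberately does not depend on the clean claim alone being absent: a benign message with no claim and a PDF is delivered, a message with only the claim is sent to review, and anything carrying a directly executable attachment is quarantined regardless of what the body says. Extension matching is a coarse first filter; a production gateway would also inspect the attachment's actual content and any archives it contains.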