Archive for Tuesday, August 12, 2003

Internet infection that exploits Windows flaw spreads rapidly

August 12, 2003


— A virus-like infection that was the subject of urgent U.S. government and industry warnings spread rapidly Monday across the Internet, causing computers to mysteriously restart and coordinating an electronic attack against Microsoft Corp.

Security experts said the infection, which exploits an unusually dangerous flaw in Windows software, wasn't yet seriously disrupting Internet traffic but posed that risk as it was expected to continue spreading quickly overnight.

Researchers discovered it around 2 p.m. CDT, and reported that tens of thousands of computers inside universities, businesses and homes were infected.

"It seems to be taking off fairly quickly," said Johannes Ullrich of Boston, who runs the D-Shield network of computer monitors.

Infected computers were programmed to automatically launch an attack on a Web site operated by Microsoft on Saturday. The site,, is used to deliver repairing software patches to Microsoft customers to prevent against these types of infections.

Microsoft offers a free patch on the Web site to protect Windows users.

The infection was quickly dubbed "LovSan" because of a love note left behind on vulnerable computers: "I just want to say LOVE YOU SAN!"

Researchers also discovered another message hidden inside the infection that appeared to taunt Microsoft Chairman Bill Gates: "billy gates why do you make this possible? Stop making money and fix your software!"

Government and industry experts have anticipated such an outbreak since July 16, when Microsoft acknowledged that the flaw affected nearly all versions of its flagship Windows operating system software.

"It's much too early to expect to see any (Internet slowdowns) whatsoever," said Vincent Gullotto, a vice president at Network Associates Inc. "It really depends on how much it spreads."

The Microsoft flaw affects Windows technology used to share data files across computer networks. It involves a category of vulnerabilities known as "buffer overflows," which can trick software into accepting dangerous commands.

Commenting has been disabled for this item.