Tick-Tock: Microsoft Counts Down To Blaster Denial-Of-Service AttackTick-Tock: Microsoft Counts Down To Blaster Denial-Of-Service Attack

As companies and home users diligently recover from the damage the "Blaster"--aka LoveSan--worm wrecked on their systems, Microsoft is preparing for the moment when the Blaster worm sets all the 300,000-plus remaining infected systems against its own systems.

When the clock strikes midnight tonight (based on the local time of the infected system) many of those newly Blaster-infected systems are set to send a steady stream of bogus requests to connect to the windowsupdate.com Web site. It's a type of denial-of-service attack called a Transmission Control Protocol SYN flood attack.

With more than 300,000 systems potentially flooding windowsupdate.com, the Internet could witness the most powerful distributed denial-of-service attack to date, experts say.

Stephen Toulouse, security program manager at Microsoft, is keeping mum on precautions the software maker is taking to prevent the attack from crippling its site. But, Toulouse says, "We are taking this very serious. We're taking steps to make sure our customers can get the patches they need to protect their systems."

The windowsupdate.com Web site is not the only site users can use to get the patch needed to protect their systems from the Blaster worm. Users can go to www.microsoft.com/security, view Microsoft Security Bulletin MS03-026 and download the patch from there, even if the Blaster worm successfully knocks the windowsupdate.com Web site offline. They can also go to download.microsoft.com to get the patch.

Dan Ingevaldson, team lead for the X-Force security research team at Internet Security Systems Inc., says company networks may or may not notice performance degradation when Blaster awakens, depending on how many infected systems are on a company's particular network. "It could really be a drag on home users using cable or DSL to connect to the Internet," he said.

Vincent Weafer, a senior director at Symantec Corp.'s Security Response team, says the attacks against Microsoft will begin late Friday afternoon as clocks strike midnight in Japan, Australia, and Korea, and will really heat up when at midnight on the eastern coast of the United States.

While security experts aren't sure what the implication of Blaster's strike against Microsoft will be for overall Internet performance, Weafer is certain of one thing. " I think Microsoft will survive it," he says.