We are independent & ad-supported. We may earn a commission for purchases made through our links.
Advertiser Disclosure
Our website is an independent, advertising-supported platform. We provide our content free of charge to our readers, and to keep it that way, we rely on revenue generated through advertisements and affiliate partnerships. This means that when you click on certain links on our site and make a purchase, we may earn a commission. Learn more.
How We Make Money
We sustain our operations through affiliate commissions and advertising. If you click on an affiliate link and make a purchase, we may receive a commission from the merchant at no additional cost to you. We also display advertisements on our website, which help generate revenue to support our work and keep our content free for readers. Our editorial team operates independently of our advertising and affiliate partnerships to ensure that our content remains unbiased and focused on providing you with the best information and recommendations based on thorough research and honest evaluations. To remain transparent, we’ve provided a list of our current affiliate partners here.
Security

Our Promise to you

Founded in 2002, our company has been a trusted resource for readers seeking informative and engaging content. Our dedication to quality remains unwavering—and will never change. We follow a strict editorial policy, ensuring that our content is authored by highly qualified professionals and edited by subject matter experts. This guarantees that everything we publish is objective, accurate, and trustworthy.

Over the years, we've refined our approach to cover a wide range of topics, providing readers with reliable and practical advice to enhance their knowledge and skills. That's why millions of readers turn to us each year. Join us in celebrating the joy of learning, guided by standards you can trust.

What is the Blaster Worm?

By Jeremy Laukkonen
Updated: May 16, 2024
Views: 6,847
Share

The blaster worm was a malware computer program that first propagated over the Internet in 2003. Within a few days of its appearance in early August of 2003, the worm had infected several hundred thousand Windows-based computers. The blaster worm was not a zero day attack, as it exploited a security hole that had actually been patched in July of that year. Computers that already had the patch were not vulnerable, and those that could successfully download it were then protected from further exploitation. One of the functions that the blaster worm carried out was to use infected computers in a series of distributed denial of service (DDoS) attacks on the servers responsible for providing the security patches.

In July of 2003, Microsoft® released a security patch relating to the distributed component object model (DCOM) remote procedure call (RPC) protocol. Hacker groups were able to reverse engineer the patch to discover and then exploit the vulnerability it was meant to fix. They designed a worm using a file called MSblast.exe, which is where the name blaster comes from.

The blaster worm was designed to propagate directly through the Internet, and did not require a user to download a file or open an attachment. Once a computer was infected, the worm would contact a large number of Internet protocol (IP) addresses on port 135. If a vulnerable Windows XP® machine was contacted in this manner, the worm could replicate itself and then repeat the process.

One consequence of blaster worm infection was participation in a timed DDoS attack. Each infected computer was set to direct a large amount of traffic at the servers responsible for distributing patches. These attacks depended on the local clock of the infected computer, resulting in a continuous wave of excess traffic directed at the servers. This strategy prompted eventual changes to the way these update systems work, so that critical patches would remain available in the face of future attacks.

Once the nature of the infection was discovered, many Internet service providers (ISPs) began to block traffic on port 135. This effectively stopped the propagation of the worm across these ISPs, though a large number of machines had already been infected. As cleanup operations began, a number of variants began to appear. Of these variants, one used the same exploits to attempt a forced patch of the problem. This has been referred to as a helpful worm, despite the fact that it resulted in a number of problems of its own.

Share
EasyTechJunkie is dedicated to providing accurate and trustworthy information. We carefully select reputable sources and employ a rigorous fact-checking process to maintain the highest standards. To learn more about our commitment to accuracy, read our editorial process.
Discussion Comments
Share
https://www.easytechjunkie.com/what-is-the-blaster-worm.htm
Copy this link
EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.

EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.