We don't recommend you decide not to get the patch after all, but some antivirus firms said at midday August 14 that MSBlast's rate of infection has slowed a little further since the worm's first appearance, and that could mean a far-lesser attack against on Microsoft's Windows Update Website than initially feared. However, analysts from Asia think the worm may turn harder than people think.
Symantec, which makes the popular Norton Antivirus program, said they saw "exponential growth" in the worm, also known as Blaster, August 11, but that the spread had slowed markedly by August 14. And Network Associates vice president for antivirus emergency response Vincent Gullotto told CNET.com they were seeing a "continual" dropoff.
"Tuesday was the day it really had the opportunity to spread," he told the tech news site. "Our process today is really focused on any problems customers are having."
Cleverly enough, Blaster's payload is a synchronized, sustained denial-of-service attack against the Microsoft Windows Update site where users get the patch needed to clean out and stop the worm. The worm was written, reportedly, to launch the attack August 16, but CNET said reports continue coming in from security firms that home computer users – believed far more vulnerable to Blaster infection than business computers – were downloading the patch and deleting Blaster almost since the worm's appearance was reported.
Blast spreads by way of common Internet connections using a Windows flaw Microsoft patched in July, if they haven't patched that flaw. Some analysts have suggested Blaster was written specifically and only to harass the software empire, based especially on a message embedded in its code: "billy gates why do you make this possible? Stop making money and fix your software!!"
The first Blaster attack against Windows Update's Website is believed to be timed for launching in the Russian Republic at about 4 a.m. Pacific Daylight Time, CNET said, adding other analysts think Blaster is either spreading a little wider or more people are becoming aware of the worm.
Reuters reported later August 14 that Blaster was making Asia a little more nervous than countries in the West, with Hong Kong, Korean, and Singaporean authorities fearful that newer strains of Blaster might be a little more furious when launched than the original strain.
"Yet another variation was released today," said Han Myoung-gok of Korean security firm Hauri to Reuters, "and so things remain tense. We're not relaxing yet." Han told the wire service reported cases dropped in general August 14, but that didn't exactly mean there should be a drop in vigilance against Blaster.
