Virus Infects Microsoft Users’ PCs

A computer virus that takes advantage of weaknesses in Microsoft Corp.’s Windows operating system spread rapidly around the world Tuesday as Internet security specialists raised their warning about the potential threat posed by the Blaster worm.

Computer users large and small reported disruptions as Blaster spread to more than 100,000 computers worldwide since first being detected Monday morning, and national security officials feared copycats would appear in the next few days.

The worm is designed to cripple the Microsoft Web site where Windows customers can get a software patch to repair the flaw that Blaster is using to spread itself, according to Internet security specialists.

“It is trying to infect as many machines as possible” to launch the attack starting Saturday, said Sharon Ruckman, senior director of Symantec Security Response, an arm of Santa Monica-based Symantec Corp., an Internet security firm.

Ruckman said that Blaster, also known as Lovesan, has infected at least 127,000 computers worldwide. The computers that are vulnerable to attack are those that use Microsoft’s Windows 2000 and Windows XP operating programs.

Although Blaster is not designed to harm its host computer, the owners of PCs infected with the worm may notice delays in performing some functions or while on the Internet as Blaster looks for other computers to infect. In some cases, the worm has caused computers to crash.

In one of the largest reported disruptions, Blaster crippled the state of Maryland’s motor vehicle department, which closed Tuesday after the agency experienced problems with its computer and telephone network.

Unlike a computer virus that requires a PC user to open an e-mail attachment or perform some other function to spread itself, a computer worm does not require any human intervention to expand across the Internet.

“Once on the Internet, if you have not patched the [Windows] system, you could become infected and never know it,” Ruckman said.

Beginning Saturday, Blaster will direct all infected computers to send a stream of information to www.windowsupdate.com as part of an attack to overwhelm the site. The assault -- which is referred to as a denial-of-service attack -- will continue for the remainder of the year.

Blaster also includes but never displays a message with a reference to Microsoft’s chairman and co-founder, Bill Gates: “billy gates why do you make this possible? Stop making money and fix your software!!”

Last month, Microsoft revealed that hackers could take control of machines running its Windows NT, Windows XP, Windows 2000 or the recently released Windows Server 2003 operating systems by taking advantage of a vulnerability in the operating system. Windows users can download a patch to repair the problem at www.windowsupdate.com.

Security researchers and hackers already have written and published programs to take advantage of the vulnerability, prompting the U.S. Department of Homeland Security to issue an advisory urging people to download a software patch.

On Monday, Homeland Security officials reissued their advisory and warned in a statement that “it is possible that other worms based on this vulnerability will be released over the next few days as ‘copycat’ attacks.”

This month, a hacker attack left Microsoft’s corporate Web pages unavailable to visitors for nearly two hours in the first successful denial-of-service campaign against the company in at least nine months.