Your Peace of Mind is our Commitment

Contact Us 繁體中文 English Recent Articles

Blaster Worm should have been no problem

First published: 13th August 2003

A new worm called W32/Blaster.A started spreading in the early hours of the 12th of August, Hong Kong time but Allan Dyer, Chief Consultant at the local information security company, Yui Kee Computing Ltd. says the outbreak was preventable.

Mr. Dyer described the outbreak, "During Tuesday, we received a small number of enquiries from companies that had been infected, and we blocked a far larger number of connection attempts by the worm at our firewall." In fact, Yui Kee recorded over 37 thousand attempted attacks on their systems during Tuesday. "Obviously, there are a large number of systems on the Internet that got infected, but the administrators of those systems could have prevented it", Dyer continued.

Good information security management will have multiple lines of defence, some of the measures that would have prevented the spread of W32/Blaster.A include:

  • A firewall: "Least privilege" firewall rules would have blocked the connection attempts made by the worm, preventing it from entering companies. Home users and SMEs can use personal firewalls.
  • Updating systems: Software developers issue security patches for their products when a vulnerability is found. In this case, Microsoft issued a patch in Microsoft Security Bulletin MS03-026 on the 16th of July 2003. Fixing the vulnerability was described as "critical". Administrators have had almost a month to apply the patch.
  • Tracking the information security news for important alerts. Yui Kee first notified the users of its' YKAlert service about the vulnerability announcement on the 17th July (Hong Kong time). They were alerted again on the 1st of August when CERT/CC advised that the vulnerability was being exploited. YKAlert users were alerted about the outbreak of W32/Blaster.A on 12th August at 07:05, before it had become widespread and in sufficient time to take emergency action.

    Dyer sent a stern warning to malware writers, "This is not about blaming the victim, the responsibility for this disruption clearly lies with the criminal who wrote and released this worm. He or she should face a court for this crime, just like Simon Vallor." Simon Vallor was jailed in the UK earlier this year for two years after being convicted of writing and releasing three viruses, known as Redesi, Gokar and Admirer. "However, prudent computer users and administrators will pay attention to safety and security, just like we do in the real world whenever we handle money, cross the road, or take another risk."

    About Yui Kee and YKAlert

    Yui Kee Computing Limited started its operation as the computing division of Yui Kee Company Limited in 1993 and became a separate company in 2000. Initially concentrating on Anti-Virus solutions, it now provides a range of Information Security products and services.

    YKAlert is a new service that delivers important alerts from multiple sources direct to your busy systems administrators by SMS or email.

    Our commitment is to give our partners and clients "Peace of Mind".

    For further information, please contact

    Hong Kong: Yui Kee Co. Ltd.
    Mr. Allan Dyer, Technical Director
    Tel: +852 28708555
    Fax: +852 28736164

    or visit the Yui Kee web site