Now they know what's likely to come next: new attacks and variants that use the Blaster worm's approach and create more destructive strains. "I'm now more concerned about the children of Blaster," says Alfred Huger, senior director of engineering at security software maker Symantec Corp.
Nov. 2, 1988: Morris, the original worm, starts at MIT and infects most of the Internet, which then was mostly universities and government
July 16, 2001: Code Red II, three days after the original, infects 359,000 machines in 14 hours
Jan. 25, 2003: SQL Slammer infects 75,000 systems in 13 minutes
Aug. 11, 2003: Blaster infects more than 1.4 million systems in four days
McAfee Security estimates 1.4 million systems were infected last week, but that tally may go much higher, especially if variants succeed. Millions of computer systems likely remain unpatched, says Dan Ingevaldson, engineering manager for the security research group X-Force at Internet Security Systems Inc. By late last week, variants of the worm, ranging from changes in its name to minor tweaks in its code, began to surface. "All it takes is someone to grab the code and tweak it to make it better, faster, and much more destructive," Ingevaldson says.
Remember Code Red, the worm that wreaked havoc on the Internet in the summer of 2001? The one that caused the damage was actually Code Red II. It was an optimized variant of the original that swept through hundreds of thousands of vulnerable systems running Microsoft's Internet Information Services in a matter of hours.
Blaster actually wasn't that destructive a worm, Ingevaldson says. It doesn't work every time, and it crashes many victims' systems, which limits how quickly and widely it spreads. Ingevaldson says a more dangerous version would spread faster, not crash infected systems, and contain means to steal or destroy data: "It doesn't take much to make these worms more destructive."