MSBlast hit some organisations hard

Since the MSBlast worm appeared yesterday the malicious program has infected more than 188,000 machines and swamped net connections with traffic as it looks for fresh hosts.

Many people struggled to download patches to protect themselves as the virus made it hard for them to connect to the net.

At its height the virus was taking only 30 seconds to find uninfected computers.

Scanning spreads

Unlike many recent viruses the worm travels around by itself and tries to infect any vulnerable Windows computer connected to the net.

It takes over a machine by exploiting a bug in the way that many versions of Microsoft Windows handle the transfer of files across the net.

Once a machine is compromised it starts searching for other machines to infect usually on the small section of the net that the host PC is using.

AFFECTED SYSTEMS Microsoft Windows NT 4.0 Microsoft Windows NT 4.0 Terminal Services Edition Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003

The vulnerability that MSBlast, also called Lovsan, exploits has been known about for almost a month and many firms have been preparing their defences against a virus written to exploit it.

As a result many organisations had patched computers before the worm struck, to limit the damage it could do.

But home users and small businesses tend not to be as diligent as larger companies at keeping computer security up-to-date and many home PCs have been taken over by MSBlast.

As an experiment security firm F-Secure put an unprotected PC on the net to see how quickly it would be infected.

Early on Tuesday it took about five minutes 30 seconds before the machine was found and infected. But by 3pm the same PC was being found and infected in 27 seconds.

According to statistics from Symantec the US and UK have the highest number of infected PCs.

HOW TO AVOID MSBLAST Keep anti-virus software up to date Use a firewall on broadband connections Apply patches to close vulnerabilities Apply cleaning programs to infected machines

Anti-virus firm Sophos said many home users may not realise that they are infected with the virus which makes machines slow down and re-boot periodically.

The company said users may just believe this is an everyday glitch and take no action.

Large organisations are being caught out by the virus too. In Maryland in the US, the state's Motor Vehicle Administration which issues driving licences and car registrations, was closed as its computer systems were knocked out by the worm.

Also hit was the Federal Reserve Bank of Atlanta, government offices in Hong Kong, Swedish net provider TeliaSonera and German car maker BMW.

MSBlast has not done as much damage as the Slammer worm that struck in January which shut down some cash machine networks and caused widespread net disruption.

But so many machines infected by MSBlast were scanning for new victims that some of the internet's backbone networks were starting to feel the effects.

Keynote Systems, which monitors net traffic times, said average travel times for data passing between net firms on America's West and East coast is usually 85 milliseconds.

As MSBlast began to hit its stride this average travel time grew to between three and nine seconds.

The worm can be cleared by downloading a patch to close the vulnerability it exploits and by running removal programs created by anti-virus firms. Unlike some other worms MSBlast cannot be cleared by simply rebooting a machine.