Microsoft Corp. today pulled the WindowsUpdate.com Internet address in an effort to thwart an attack on its systems by computers infected with the Blaster worm, the company said today.
Blaster, also known as the DCOM or Lovsan worm, spread quickly this week, infecting as many as 1 million computers, according to some estimates. Infected machines were set to stage a denial-of-service attack on WindowsUpdate.com at midnight tonight.
But Microsoft removed the target by killing the domain name, the company said. Microsoft used the WindowsUpdate.com address to redirect Internet users to the software update site for Windows at windowsupdate.microsoft.com.
"WindowsUpdate.com is a nonessential address, so we just pulled it as part of our strategy to avert the worm," Microsoft spokesman Sean Sundwall said. "That creates problems for the worm."
Users can still get software updates by going directly to the Windows Update Web site that is part of the Microsoft.com domain. "The site is up and running, so people are getting their patches," Sundwall said.
Internet users who type the WindowsUpdate.com URL in their browser get an error message. Microsoft has deleted the Domain Name System (DNS) information for the domain, and it no longer sends traffic to an actual Web site. DNS is the address book for the Internet, the system that maps text-based Web addresses to numeric IP addresses. "The domain does not point anywhere; it is a dead URL. There are no plans to bring it back," Sundwall said.
Dumping the WindowsUpdate.com domain name may keep Microsoft from having to cope with another denial-of-service attack, but it doesn't stop the worm from infecting the systems of Microsoft customers, said Lloyd Taylor, vice president of technology and operations at Web performance management services company Keynote Systems Inc. "It is a particularly elegant solution, but it does not stop the spreading of the worm," Taylor said.
Computers infected by the worm were set to begin sending a constant stream of connection requests to the WindowsUpdate.com address at 12 a.m. local time on Saturday.