Network World

Update: Blaster worm infections spreading rapidly

By Ellen Messmer, NetworkWorld.com, 08/13/2003

The Blaster worm - also known as MSBlast or LoveSAN - has spread rapidly since it was first noticed on Monday. It has infected an estimated 188,000 systems running Microsoft operating systems, including Windows XP, Windows 2000, Windows 2003 and NT, that are unpatched for the so-called RPC vulnerability discovered last month, according to a security firm tracking the worm.

Alfred Huger, senior director of engineering in Symantec's Security Response division, says the 188,000 number as of Wednesday afternoon is a good-faith estimate based on information Symantec is receiving worldwide from a range of sources and tracking systems. He notes that 188,000 infected hosts is a fairly substantial rate of infection, though it still falls far below the several hundred thousand infections attributed to other computer worms in the past, including Slammer, Code Red and Nimda. Like those worms, Blaster is causing disruptions because of its wild and destructive scanning to hunt for new victims. This scanning causes massive congestion inside the corporate networks it manages to infect.

"We are getting reports of network congestion caused by this," Huger notes, pointing out that companies are having to shut down computers to clean out the Blaster worm. However, he adds: "We have more to fear from the children of this worm than the worm itself."

There are concerns that any new variation of Blaster, whose main purpose is to infect computers in order to launch a denial-of-service attack on the Microsoft windowsupdate.com site on Aug. 16, could be much more dangerous. For example, a new variant could carry a payload that destroys files while it's taking over computers – something that Blaster doesn't do.

Huger predicts that Microsoft will be able to successfully defend its Web site against any ongoing DoS attack that begins on Aug. 16, given the advance notice Microsoft is getting. But other security experts are not so sure.

Dan Ingevaldson, engineering manager at the X-Force rapid-response division of Internet Security Systems, says Microsoft may find it hard to ward off an attack since the Blaster worm is not programmed to look for a specific IP address, unlike the infamous Code Red worm, which targeted the White House Web site. Blaster is programmed to search for the windowsupdate.com domain name itself. An IP address can be changed easily, but protecting a domain name is not so simple.

Although Blaster is travelling fairly quickly, Huger pointed out it could be infecting at a higher rate if the Blaster code were better designed.

"The worm is poorly written," said Huger. It sometimes takes down computers instead of infecting them, and when it does infect them, sometimes the Blaster code simply fails to do anything else.

Microsoft has made patches available for the RPC vulnerability, which was identified last July, but the spread of Blaster’s infection shows many Microsoft-based computers remain unpatched.
