|
Worms and Cretins
Cretin: NOUN: 1. A person afflicted with cretinism. 2.
Slang. An idiot.
I prefer worms in the soil,
aerating and doing whatever else it is worms do to occupy
their time. Cretins are fine as long as they don't have a
computer. Unfortunately there is no shortage of cretins
sitting at computer keyboards. Don't believe me? Then
obviously you aren't aware of the MSBlast and Sobig.F worms
that have been unleashed recently by a group of computer
literate cretins.
It couldn't have been more
than a matter of minutes after MSBlast (aka Blaster/Lovesan)
was released that the e-mail started pouring in asking why
computers were spontaneously rebooting every few minutes while
displaying an RPC error message. The answer was simple in
almost every case. You've contracted a bad case of MSBlast.
I'd really like to say that the worm infection was something
well beyond user control, but it just isn't true.
Like it or not, protecting your system against cretins that
spread worms across the internet is a responsibility that lies
strictly on the users shoulders. In the MSBlaster case, Microsoft
Security Bulletin
MS03-026, Buffer Overrun In RPC Interface Could Allow Code
Execution (823980), was posted on July 16, 2003. Look in Windows
Update Catalog (a description
is here) and you'll find the Security Update is readily
available for download and installation. If your system is infected
and you are having trouble identifying the needed update, look for
the one labeled MS03-026: Security Update for Windows XP
(823980). If you're still having trouble or prefer not to
use Windows Update or it's inaccessible, go
here and download the patch directly.
In addition to the above links
Microsoft has put together a special
Frequently Asked Questions (FAQ) page devoted entirely
to the Blaster worm. The
Symantec Security Response page for Blaster is another
source of information. And finally, another Microsoft page,
What You Should Know About the Blaster Worm and Its Variants,
gives some very detailed information on Blaster and the steps
needed to rid yourself of this scourge.
So much for Blaster and what
to do if you're infected. The real question is; What is it
going to take for you to be prepared for the next virus or
worm event? Actually, the next event is already here, or at
least a variation on a previous event. The Sobig.F worm is
working its way through systems at an alarming rate even as
I'm typing this column. If you own a dot com name that's
relatively popular I'm sure you're well aware that Sobig.F is
running wild thanks to unprotected systems and users that will
click on any attachment that finds its way to the inbox.
If you're running a system
that's connected to the internet and don't have up to date
anti-virus and firewall protection installed, the chances are
good that you're contributing to the problem of spreading
virus and worm infestations rather than being a part of the
solution. If the majority of systems were properly updated
with Critical Updates and Hotfixes and running current
anti-virus and firewall protection, MSBlaster and Sobig.F
would for the most part be non-events. Of course users also
have to curtail the insatiable curiosity to open every
attachment that comes along, but one step at a time.
|
