Worms and Cretins

Cretin: NOUN: 1. A person afflicted with cretinism. 2. Slang. An idiot.

I prefer worms in the soil, aerating and doing whatever else it is worms do to occupy their time. Cretins are fine as long as they don't have a computer. Unfortunately there is no shortage of cretins sitting at computer keyboards. Don't believe me? Then obviously you aren't aware of the MSBlast and Sobig.F worms that have been unleashed recently by a group of computer literate cretins.

It couldn't have been more than a matter of minutes after MSBlast (aka Blaster/Lovesan) was released that the e-mail started pouring in asking why computers were spontaneously rebooting every few minutes while displaying an RPC error message. The answer was simple in almost every case. You've contracted a bad case of MSBlast.

I'd really like to say that the worm infection was something well beyond user control, but it just isn't true.

Like it or not, protecting your system against cretins that spread worms across the internet is a responsibility that lies strictly on the users shoulders. In the MSBlaster case, Microsoft Security Bulletin MS03-026, Buffer Overrun In RPC Interface Could Allow Code Execution (823980), was posted on July 16, 2003. Look in Windows Update Catalog (a description is here) and you'll find the Security Update is readily available for download and installation. If your system is infected and you are having trouble identifying the needed update, look for the one labeled MS03-026: Security Update for Windows XP (823980). If you're still having trouble or prefer not to use Windows Update or it's inaccessible, go here and download the patch directly.

In addition to the above links Microsoft has put together a special Frequently Asked Questions (FAQ) page devoted entirely to the Blaster worm. The Symantec Security Response page for Blaster is another source of information. And finally, another Microsoft page, What You Should Know About the Blaster Worm and Its Variants, gives some very detailed information on Blaster and the steps needed to rid yourself of this scourge.

So much for Blaster and what to do if you're infected. The real question is; What is it going to take for you to be prepared for the next virus or worm event? Actually, the next event is already here, or at least a variation on a previous event. The Sobig.F worm is working its way through systems at an alarming rate even as I'm typing this column. If you own a dot com name that's relatively popular I'm sure you're well aware that Sobig.F is running wild thanks to unprotected systems and users that will click on any attachment that finds its way to the inbox.

If you're running a system that's connected to the internet and don't have up to date anti-virus and firewall protection installed, the chances are good that you're contributing to the problem of spreading virus and worm infestations rather than being a part of the solution. If the majority of systems were properly updated with Critical Updates and Hotfixes and running current anti-virus and firewall protection, MSBlaster and Sobig.F would for the most part be non-events. Of course users also have to curtail the insatiable curiosity to open every attachment that comes along, but one step at a time.