Internet worm epidemic worse than suspected

In case you are unfamiliar with the term, a "worm" is a self-replicating computer virus that can spread across networks. The worm known as "Blaster" or "MSBlast" exploits multiple vulnerabilities in the Microsoft Windows operating system in order to infect a machine and spread copies of it. New data from Microsoft suggests that at least 8 million Windows computers have been infected by Blaster, a much higher number than previously thought.

Here is a statistic I find shocking:
A survey of 2,000 computers completed by Symantec found that, on average, a system will receive a network packet from a MSBlast-infected computer within one second of connecting to the Internet.

And "Blaster" is just one of many worms that behave in this manner. The log files of firewalls and intrusion detection systems are quickly packed with events that indicate a worm scanning addresses for vulnerable computers to infect. I have recorded as many as 300 attempts in one minute after connection a computer to the Internet.

As if we needed more evidence that the Internet was a hostile environment! This underscores the importance of keeping MS Windows up to date on security patches and running an antivirus program with the latest detection signatures. Unfortunately, the concept of patches and signature updates is going to be inadequate soon because the length of time between the revelation of vulnerability and the emergence of a worm to exploit it has dropped to a matter of days.

[more info]

Symantec

CNet.com

Microsoft

[Edited on 5-4-2004 by Spectre]

Is there anyway to check for this worm? I'm pretty careful about what I allow access to the internet. But you never know what sneaks in.

Originally posted by meddled
Is there anyway to check for this worm? I'm pretty careful about what I allow access to the internet. But you never know what sneaks in.

This Blaster worm is an oldie, but still causing problems. If you had it running on your machine it would probably be so unstable that you would not be with us on the board. To be safe, though, scan your computer with antivirus using the latest sigs and make sure that "Windows Update" doesn't have any critical patches for you to download (if there are apply them ASAP). To check for Blaster specifically Symantec has a cleaning tool you can download here

You are 100% right. It is always better to err on the side of caution. There is a free AV program if you need one, AVG . I have been very happy with it. AVG Antivirus You can't beat the price.



[Edited on 5-4-2004 by Spectre]

Hi Spectre!!

Very many thanx for the "heads up" about the proliferation of worms/ viruses/ trojans etc on the Internet. The advice about using an Anti Virus Program is well said. Firewalls might also help of course - ZoneAlarm provide a free version - again, it's the sort of price that we like to pay!!

Genya- Firewalls, harnware and software, are essential tools in the fight, and ZoneAlarm is a good one. There are worms out there that can completely avoid detection by antivirus software because they never get written to the hard disk, running only in memory. "Slammer" and "Witty" spring to mind. The only defense against that type is a well-patched systems and a properly configured firewall.

When I read the Symantec and CNet articles that prompted my post I shared the information with a friend of mine. When he came over this morning we set up a test to see how prolific worm scans were on my cable modem network. I configured a computer that was up-to-date on patches with intrusion detection, then configured the router to expose its IP address to the Internet, and 3-2-1-Go! clicked the "apply settings" button and started a count. At two minutes the IDS had logged scans from the "MyDoom," "Slammer," "Nimda," and "Lovegate" worms. We never duplicated Symantec's 'one second' results but did confirm that it's a cruel world out there.

Run a G4 Mac with OSX.
S.

No kidding. The last Mac worm/virus was unleashed in, what, 2001? Even though I have been a Windows user for years I am considering converting a machine to Linux for my Internet use. I just don't know if I can learn new tricks! It is the most attractive alternative since I can use hardware i already own and the OS is free.

Macs have less viruses, it's true. However this is because they are less popular, not because of some huge inefficiency in the design of a PC. It is also true of Linux, Beos and my old Commodore pet.

My PC is behind a firewall behind a router and have live updates of my virus scanner constantly. I avoid outlook when possible and I've yet (touch wood) to have a problem. My broadband connection has been up for over two years now. It's the people who open email attachments and rarely update thier virus dat files that cause most of the problem.

$0.02



[Edited on 5-4-2004 by Zzub]

Linux is not without its faults Spectre. Its limited end user base makes it unattractive for virus writers but there have been plenty of security patches from the vendors over the last year or so.

Originally posted by titian
Linux ..... plenty of security patches from the vendors over the last year or so.

Indeed, I get many more security update emails from the RedHat Network than I do fromMicrosoft.

Security under linux never actually feels secure to me, without the array of software/hardware protection that a good Windows installation has.

ZZub, that's why you don't rely on the OS for security. I've used LinkSys broadband routers since time warner first introduced cable modem service in Tampa with no problems. I prefer a hardware solution versus strictly a software firewall and/or AV software. The router logs are very interesting sometimes as you can find compromised computers left and right. Very interesting stuff on some of them...

I am not trying to suggest that Linux is some sort of panacea for Internet woes, just a possible alternative. I don't see myself moving away from Microsoft anytime soon since that is where the majority of my experience lies. As Zzub said, being cautious is the key. Using MS/PC platforms and third party software, I have never been the victim of a malicious software attack. I have let them hit machines on purpose to see what they do, I admit, but nothing has gotten past this layered defense. Staying informed about new threats and vulnerabilities is vital, too. I am in danger of getting drowned in alerts from AV providers, security watchdogs, etc. but it has been worth it to stay ahead of the curve on emerging threats.

The lists of compromised computers that appears in my firewall logs is handy. People do indeed keep interesting things on their computers.

i run the network for our office, and yes things have been getting much worse in terms in viruses/worms lately. the last time i checked, about 15% of all email traffic hitting our servers was a virus/worm/etc that our servers caught.

Last month our email server stats showed that spam and virus messages now make up more than 60% of all the message traffic it handles. Isn't that just insane? Some have quoted higher numbers than that. "netsky" by itself make a huge spike in the numbers.

Here's a crazy theory.?
Virus writers, Hackers, Cyberterr', whatever you want call them
get no RESPECT/KUDOS from their peers for writing a whatever
'virus' for an open source o/s. Kudos is only gained when a
hacker creates a new pest on what is meant to be "secret"...

news.com.com...

Uncompressed, 660mb of Billy's Secret Source.
S.

It's the challenge of writing a virus and seeing how long it can propagate. Am I a virus writer -- no.

As a software developer however I can tell you that it does not take a genius to write these things. Just a little bit of research and some out of the box thinking. Virus writers depend on the average user's inability to lock their machine down or the average user's tendency to open every e-mail.

If we had smart users there would be no need for antivirus firms. Hmmm, think about that one, did you ever ponder the thought of whether the AV firms were in on the virus writing? How better to justify your necessity to corporate America?

My PC is behind a firewall and I also have anit-virus protection. Both are Norton. I also use the auto update, which sends out email alerts, too.
I don't rely on Microsoft much because by the time they get to it, it could be too late.

I've gotten lots of infected emails, esp with the last big glut several weeks ago. That is because my former co-workers send emails to me. The employer is VERY lax with anti-virus protection, and the employees are always dumb enough to open those infected emails

Knock on wood, my PC has so far escaped unscathed!!!!!

Originally posted by titian
It's the challenge of writing a virus and seeing how long it can propagate. Am I a virus writer -- no.

As a software developer however I can tell you that it does not take a genius to write these things. Just a little bit of research and some out of the box thinking. Virus writers depend on the average user's inability to lock their machine down or the average user's tendency to open every e-mail.

If we had smart users there would be no need for antivirus firms. Hmmm, think about that one, did you ever ponder the thought of whether the AV firms were in on the virus writing? How better to justify your necessity to corporate America?

Yes titan,
I have thought for years that there something going on.
Sort of a circular drip-feed of threats, so microsoft based users
keep paying for 2nd party solutions.
Ka-ching!.....Thank You, Come again!
S.

with spam and viruses im seeing slightly over 50% of emails on our servers. worse is that the trend is heading upwards

with spam and viruses im seeing slightly over 50% of emails on our servers. worse is that the trend is heading upwards