Bugs and Fixes: Halt Worms and Viruses in Their Tracks
By Stuart J. Johnston
Remember the virus blitz that struck late this summer? First, we were bombarded by the Blaster worm, and then by variants of the Sobig virus. Further, Microsoft had discovered, as of this writing, three new holes similar to the ones that Blaster exploited. If you haven’t already, go to Microsoft Security Bulletin MS03-039 to grab Microsoft’s fix and keep hackers off your turf.
Welcome to the new era of viruses. Blaster and its subsequent variants are good examples of how yesterday’s “theoretical” attacks become today’s real-world problems. The security sleuths who find holes in software often publish online the code they used to expose the weakness. And in the case of Blaster, cyberthugs were able to employ the code to create a catastrophic worm.
So expect crackers to cook up attacks more quickly than before. That means you need to step up your defense practices, now more than ever.
What You Can Do
Update your virus definitions regularly–ideally on a daily basis. Just as often, visit sites that document the latest threats to find out what subject lines and file-attachment names the newest viruses are using. Look at McAfee (find.pcworld.com/37985), Symantec, and Trend Micro.
Install Microsoft’s “critical” updates (go to Microsoft Windows Update), but be careful. I always look out for any serious problems with patches before I adopt them, though I don’t wait longer than a week or so. I usually visit support forums to read users’ descriptions of problems. My favorites: Microsoft Technical Communities, Tech Support Forum, and WinGuides Support Forums. If I read any reports about a patch causing crashes, problems with the operating system I use, or conflicts with installed programs (such as a particular antivirus application), I steer clear of the patch for a while.
On top of being proactive about virus research, there are other things you can do. Be skeptical about e-mail attachments even from people you know, unless you are expecting something; the same advice goes for strange subject lines. Avoid looking at suspicious e-mail messages in preview mode. Better yet, disable the preview feature entirely.
Whenever you step away from your computer, put your machine into hibernation or standby mode. Doing so will help stop attacks like Blaster, which infected systems by wandering the Internet looking for PCs with communications ports left unguarded.
The frustrating thing is that Microsoft had already released a patch for the very security hole that the Blaster worm exploited a month later (the fix is rolled into the patch mentioned in the first paragraph). To head off potential problems, Microsoft says, it may soon make automatic installations of updates the default setting in Windows. (See this month’s News and Trends for a report on Microsoft’s proposal.) I think that’s a bad idea. Sure, such automation may help prevent the rapid spread of virus infections. But allowing Windows to automatically download and install updates that may be half-baked could be dangerous for your PC’s health.
NetGear Routers Wage War on University
Who knew that the University of Wisconsin was on Netgear’s blacklist? Just kidding. Netgear released fixes for several of its routers after the University of Wisconsin at Madison discovered that thousands of the company’s units were flooding the university with time server requests (see “Flawed Routers Flood University of Wisconsin Internet Time Server”). Such attacks are usually deliberately created by crackers. In this case, though, the blizzard of requests was created by Netgear routers all over the world asking “What time is it?” thanks to a bug in the firmware for models RP614, RP614v2, DG814, MR814, and HR314. If you own one of those units, you can download an updated version of the firmware at Netgear’s site.
Found a hardware or software bug? Tell us about it via e-mail at firstname.lastname@example.org.