Wed. Aug 13, 2003
Worms in the System
You’ve probably heard about the worm, maybe even been hit by it (here are some good directions for removal). Here at Bunker PD we’re protected by a dumb router that bounced the smart worm away, but that doesn’t mean I was unaffected by it. And that’s why I can state this particular part of this story is at least partially false.
“Atlanta-based Internet service providers EarthLink and BellSouth.net said the worm did not cause problems for subscribers. EarthLink, the nation’s third-largest Internet service provider, protected its network against the worm Monday, said Greg Collins, director of network engineering.”
OK, well, it must have been very late Monday. You see, Susan bought her son a new Dell as a 21st birthday present, and it was delivered Monday. I set up that computer, and created the DSL connection via his grandparent’s EarthLink DSL account. In a bizarre quirk I learned while trying to set up my new computer earlier this year, Windows XP apparently will not successfully create a DSL connection unless you first create a dial-up modem connection. So that was Step One for me, and when I checked, by default, the connection had the Internet Firewall turned on. So when I then created the DSL connection, I made the mistake of assuming that it, too, would have the Internet Firewall turned on by default.
It was at least 5pm when I made the first log on to EarthLink DSL, but within 15 minutes, the worm hit the unprotected Port 135, and we were in Reboot City. So despite their claim, by the close of business Monday, EarthLink’s system was still propagating the worm. At that moment though, I’d only heard some brief rumblings about a new threat, so my thinking was, “we haven’t even set up an e-mail account or downloaded anything, how can it be a virus?”
Unable to stop the rebooting (I’ve since learned that > Run > “Shutdown -a” will abort the countdown to reboot), I told Alex he’d have to get on the phone with Dell tech support and go through troubleshooting. Only when I got home was I able to research the specific error message, find out the true nature of the threat, and find messages from hundreds of people struggling with this worm. It was simply pure coincidence that Alex’s computer arrived, unpatched, on the very day this worm really took off.
Relatively harmless, but a nasty little critter nonetheless. And devious, too: “One of the more unusual and ominous features of MSBlaster, in fact, is that it includes coding that is designed to launch a so-called denial-of-service attack on Microsoft’s Windows Update Web site—the same site where patches can be downloaded—beginning on Saturday and continuing through the year.”
Yep, on the 16th of each month, there will be attempts to swamp the Windows Update site, possibly complicating the efforts of those trying to download the patch. So if you run Windows XP and you haven’t patched your system, get it before Saturday.