Good Security

By Jerry Pournelle

September 22, 2003

(Good Security :  Page 1 of 1 )

Column 278 (Continued from the Previous Week)

Worm Work

Worms generally work this way: Once a computer has been infected by one of these evil programs, the worm uses the infected computer to search for ways to reproduce itself. It does this by causing the infected computer to send out signals looking for other computers to infect. It will send these out by the thousands and tens of thousands, and eventually it will find a machine vulnerable to its attentions. It then infects that machine, and that machine begins to send out probes.

The infection process exploits various defects in the computer's operating system. Microsoft and other OS publishers look for these vulnerabilities and hope to find them before someone else does. Often they succeed and send out the fix before the worm—or virus—can be released into the wild. In the case of the Blaster and Nachi worms that made the rounds in August, the remedy for the Windows defect had been known and circulated for several weeks (see http://www.microsoft.com/security/antivirus/nachi.asp for more details; Cisco has instructions for blocking some of the side-effects using their routers at http://www.cisco.com/warp/public/707/advisory.html), but many computers—including all the Navy computers in the Pentagon—hadn't had the fix applied, and were not only infected but began to infect other machines.

SoBig.F would send out virus replicates whether or not your system was running Outlook. You had to pull the network cord to stop it. As Brian Bilbrey puts it, friends don't let friends click on attachments…

As a result, many of the government's computers and many, many others owned by both individuals and businesses large and small were infected: The worm was known, the remedy was known, but the government's computer experts—consultants in many cases—either couldn't be bothered or just hadn't got around to applying the fix.

 Page 1 of 1