Lessons From Worm Week

New Internet attacks require constant vigilance

In August, students, teachers and administrators in Florida's Duval County Public Schools were told not to use their school computers because a devastating new Internet-borne worm called Blaster struck the network.

Blaster-infested machines reboot repeatedly every few minutes, slow significantly or become unresponsive. The worm can also install a hidden program so that infected computers can be controlled remotely at a later date. The district was a casualty in a concentrated series of worldwide attacks that became known as "worm week." And, since the district boasts one of the largest computer networks in the state--with more than 70,000 connected devices--it took several days to fix the problem.

Worms are far more insidious than online viruses transmitted as e-mail attachments or piggybacked on infected disks. They rely less or not at all on humans to spread. Worms exploit security holes in computer software, such as operating systems, and rapidly infect other machines through local networks and the Internet. Since conventional anti-virus measures do not work, the only protection is to download patch updates to correct flaws before new worms arrive.

Multiple Challenges

Blaster spread to more than one million computers by September and shot right past the firewalls and anti-virus software of machines running Microsoft Windows NT 4.0, Windows 2000, Windows XP or Windows Server 2003. The worm also directed infected machines to bombard Microsoft's site for updating Windows, to prevent users from downloading needed patches. And adding insult to injury, malicious e-mail circulated that supposedly carried patches but actually carried viruses. (Microsoft does not transmit software updates by e-mail.)

The impact of worm week was felt even more keenly because it overlapped with unrelated global attacks by versions of SoBig, the fastest spreading e-mail virus ever. The virus arrived in system-clogging barrages of messages with subject lines including "Wicked Screensaver" and "Your Application." When unleashed, it installed Trojan horse programs directing victims' computers to spew spam messages and virus copies to random e-mail addresses taken from user address books. Since the spam was mailed out under random addresses, too, countless people received alarming notices that their machines had transmitted viruses, even when it was untrue. At its peak, SoBig infected 50 percent of the e-mail traveling across the Internet.

Worm-Proofing

Although no one could predict the severity of the worm attack, experts had warned about the Windows flaws weeks earlier, and Microsoft announced the availability of a critical patch on July 16. However, legions of users were unaware of the directive, or chose to ignore it, so worm week became a reality.

Windows users should therefore update virus protection weekly, visit the Microsoft Web site regularly to download critical updates, and set up firewalls to help stop new intruders. More than 65,000 viruses have rolled across the Internet, causing an estimated $65 billion in damages, and dangerous new forms such as SoBig and the Blaster worm will continue to be developed.

The tools to create more worms are readily available on an estimated 30,000 Web sites. While Duval County school Superintendent John C. Fryer Jr. credited his talented team of students for designing the district's Web portal, ironically, a high school student in Minnesota contributed to the attacks by adapting and launching a version of Blaster that infected 7,000 machines. He faces a $250,000 fine and up to 10 years in prison. The lessons of worm week should push you to reevaluate your security and priorities. Fighting worms and viruses begins at home.

Odvard Egil Dyrli is senior editor and emeritus professor of education at the University of Connecticut.

