It's early in 2004 and Microsoft is sick with nearly 65,000 viruses, it's crawling with worms, and there are enough packaged trojans sitting around to wreak havoc on almost any virile computer. It would be nice for security professionals to afford a week off from the world of viruses, worms, trojans, and backdoors to enjoy a long overdue vacation, but we all know the malevolent attempts of the next major outbreak are just around the corner.

Case in point: let's look at the Blaster/Welchia combo, which you might mistakenly consider to be old news. Welchia in particular has already been with us for a long time (relatively speaking) but it's still very much alive. On the periphery of my home network, my cable modem's receive light stays on almost constantly, even when there's no network activity on my part at all. Curious about this and thinking I'm being scanned, I look at my firewall logs. OpenBSD's pf log indicates there are hundreds of unique IP addresses reaching out to touch me, all on the same port. I investigate further and the majority of the traffic belongs to Welchia, the worm that was released to fix the infamous Blaster but then became a menace in itself. We all know that Welchia first came out months ago and exploited the RPC DCOM vulnerability that Microsoft had patched several months prior, yet on my little subnet of the world here in high-bandwidth Canada, it has never been stronger.

Worms and viruses are getting smarter, however. The next Slammer, Blaster, Bugbear or SoBig-like malcode is just around the corner. Those who study the propagation algorithms of worms [ref1: Vogt, "Simulating and optimising worm propagation algorithms"] [ref2: Hanson, Kostanecki, Jagodzinski and Miller, "Worm Propagation in Protected Networks"] could speculate on what might be coming next or how quickly they will reach saturation. Microsoft has finally started scraping slivers off their profits to help catch the virus writers who write the very viruses that purportedly are costing us billions. I think this is an excellent idea, provided it's just one tier of a multi-tiered, well thought out strategy to improve security for the public at large. If enough money is put up, I truly believe that some of these miscreants will inevitably get caught.

In the interim, why don't you take a week of holidays away from the virus world and spread some good cheer -- and remember to tell all your semi-computer-literate friends to patch their home computers, install a firewall, keep their virus definitions up-to-date and develop an attack plan against spyware. Spread the word. The typical, average computer user truly needs your help. The next big virus/worm/trojan is always just around the corner.