Like probably thousands of other people, I have been hit by the
MSBlaster virus. I hadn’t really noticed anything until an advisory
suggested that I take a closer look. And lo and behold, I had an
msblast.exe process running and I also had that executable in \WINNT\SYSTEM32.
This is my first virus ever. I am so excited.
Cleaning it was relatively easy. For future reference, you want to
- Install the OS security patch.
- Run a remover.
Although I recognize viruses as a very real threat, I have never really been
proactive at stopping them. My work machine has an antivirus because it
came with one, but none of my other machines do. I use Outlook (well, used
to) and other reputedly dangerous software, but I have always relied on my
common sense to keep me out of trouble.
I am not saying this is a good idea.
One day, I expect to click on an unsafe attachment and infect myself.
We all have lapses in our attention and relying on our human senses to keep us
safe from viruses is not just stupid, it’s suicidal. But well, habits die
hard.
One word about Outlook: there is this myth that it is the main enabler
for virus propagation out there and that if you are using another client, such
as Eudora or Mozilla Mail, you are safe. This is incorrect. Viruses
typically travel through email attachments. You can launch an attachment
with any mail client and you will get infected just the same, so just be
vigilant regardless of your mail client. It is true that Outlook used to
have unreasonable security defaults, but this is no longer the case. Even
Word and Excel now come with a high security default, not allowing you to run
macros and other mechanisms that viruses use to propagate.
What’s interesting is that I have always thought that I would be infected one
day through email, but I ended up receiving a virus through another means (tftp
and RPC). Fortunately for me, this virus is relatively harmless for the
user: its main purpose seems to be to trigger a SYN attack on a Microsoft site
on August 16th. I am curious to see how this is going to unfold. I
am confident Microsoft has taken all the necessary precautions to foil the
upcoming onslaught, but we will see.
I remember when I saw my first virus. It was circa 1988 on the Amiga.
Viruses were totally unheard of back then. This virus, called SCA, was
probably not the first but definitely a very early one. It propagated by
copying itself onto the boot sector of floppies and all it did was wait for the
third invocation and then display a message saying "Something wonderful has
happened, your Amiga is alive, etc…". I remember finding this cool the
very first time I saw it, probably because I had no idea it was based on a
concept that would cause billions of dollars in losses in the coming years.
I disassembled the SCA virus back then and published an article about it in
the French Amiga magazine I was working for. As the assembly code was
unfolding in front of my eyes, I remember feeling much more fascination than
anger at the author. It was such a neat idea (and also a pretty cool
Copper list).
These days are gone. Protect yourself and if you don’t like to use
anti-viruses because they slow down your I/O operations, at least make sure your
machine is reasonably up-to-date with security patches.
#1 by Lance on August 13, 2003 - 9:31 am
I tried to make sure my machines were patched last night, but I was unable to get through to WindowsUpdate…. Wonderful virus, it achieves its aim through social engineering and code.
#2 by Talip Ozturk on August 13, 2003 - 9:39 am
Using Windows is very good sometimes. You can make lots of interesting stories out of it. This blog entry, for example: I won’t have the chance of writing such a blog entry, simply because my desktop runs Linux. Hopefully sometime in the future, I will have to run Windows and will have such mysterious email-virus stories to blog about. How cool is it to be able to say “I have got virus today”. An even cooler thing is to get a sound-enabled notifier (like the AOL email one) saying something like “You have got virus!”…super cool idea.
#3 by Ricky Datta on August 13, 2003 - 10:50 am
How did you expose rpc port to public ?
No firewall ?
#4 by Paul Watson on August 13, 2003 - 11:27 am
At home, I use AVG antivirus. It’s free for home use, effective, fast, and gentle on CPU cycles.
#5 by Bob Lee on August 13, 2003 - 3:29 pm
You’re still using Windows? Try OS X. 😉 Actually, Outlook was less secure than other e-mail clients. The problem was a MIME type mapping mismatch between Outlook and the OS. You could trick Outlook, for example, into thinking that an exe attachment was of an image MIME type, in which case it would pass it off to the OS without question. The OS would recognize that it was actually an exe and run it. The problem here is that you didn’t have to opt to open the attachment. Simply previewing the message would result in executing the exe. If you have an unpatched install of Windows, you probably have this problem.
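The mismatch described in comment #5 (an attachment declared as an image whose bytes are really an executable) is something a mail filter can check by comparing the declared MIME type with the attachment's leading bytes. The following is an added example, not part of the original post or its comments; the sample message, file names and verdict strings are constructed for illustration.

```python
from email import message_from_bytes
from email.message import EmailMessage

# Leading bytes ("magic numbers") of the image formats this check knows about.
IMAGE_MAGIC = {
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
}
EXE_MAGIC = b"MZ"  # DOS/PE header found at the start of Windows executables


def audit_attachments(raw: bytes):
    """Return (filename, declared_type, verdict) for every leaf MIME part."""
    findings = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        declared = part.get_content_type()
        name = part.get_filename() or "(inline)"
        if data.startswith(EXE_MAGIC) and part.get_content_maintype() != "application":
            # Executable bytes under a non-application label: the case to block.
            verdict = "executable content"
        elif declared in IMAGE_MAGIC and not data.startswith(IMAGE_MAGIC[declared]):
            verdict = "type mismatch"
        else:
            verdict = "ok"
        findings.append((name, declared, verdict))
    return findings


def build_message(attachments) -> bytes:
    """Build a constructed test message; attachments = [(filename, image_subtype, data)]."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("See the attached picture.")
    for filename, subtype, data in attachments:
        msg.add_attachment(data, maintype="image", subtype=subtype, filename=filename)
    return msg.as_bytes()


# Constructed sample: one genuine GIF header, one "MZ" stub labelled as a GIF.
SAMPLE = build_message([
    ("real.gif", "gif", b"GIF89a" + b"\x00" * 16),
    ("holiday.gif", "gif", b"MZ\x90\x00" + b"\x00" * 16),
])

if __name__ == "__main__":
    for finding in audit_attachments(SAMPLE):
        print(finding)
```

A plain-text body that happens to begin with the letters "MZ" would also be flagged, so a real filter would treat this verdict as a reason to quarantine and inspect rather than as proof.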
#6 by Pierre CARION on August 18, 2003 - 7:59 pm
Funny to read one of your current google ads : “Avoid the Blaster Worm”
😉
#7 by email virus on June 26, 2004 - 9:07 pm
I’m new to this site, just browsing around
#8 by Baha on June 30, 2004 - 2:41 am
Ha-ha-ha
#11 by email virus on August 31, 2004 - 2:06 am
Interesting thoughts, just wanted to mention I came from blogspot.
#12 by email virus on August 31, 2004 - 2:06 am
Was browsing through blogspot when I stumbled here