Fighting fire with fire -or- the War of the Worms.

I was highly annoyed with my ISP yesterday as I went to sit down and play a little online Medal of Honor, only to find that I couldn’t get a server to ping below 269 for much of the evening. Checking the Network Status page, I learned that the recent MSBlaster worm was being blamed for the network slowdown due to the increased traffic it was generating. So then I became highly annoyed with the thousands of broadband computer owners who seem to be incapable of figuring out how to visit Windows Update every other week or so to help ensure their machines don’t fall victim to such worms.

Well, it seems someone else must have been annoyed with them too, as there is a new variant of this worm now out in the wild that infects your PC, removes the original version of MSBlaster and then patches your machine with the Microsoft patch needed to fix the problem. This new anti-MSBlaster worm contains code that will cause it to erase itself from your system come 2004.

Wired News: Are You a Good or a Bad Worm?

Despite the worm’s seemingly helpful nature, some security experts are not amused.

“Presumably this was a well-intentioned action, but where does it all end?” wondered Mike Fergamo, a systems administrator. “Next week will we have an antiworm for the antiworm’s antiworm?”

But some users welcomed the worm.

“My computer hasn’t been right since it was infected last week,” said Nadine Lovell, a Manhattan textile designer. “This afternoon it’s working perfectly again.”

A scan of Lovell’s system confirmed her machine had indeed been infected with the new Blaster variant.

“Thank you, worm!” said Lovell.

While this might seem like a good idea, it actually makes the problem worse in two ways:

First, it results in the same spike in network traffic that MSBlaster causes, which is part of why the net has been so damned slow for the past couple of days. If it doesn’t remove itself before 2004, that’s going to be an ongoing problem even if it does wipe out MSBlaster in the wild, as all those machines with this anti-worm will continue to attempt to infect other PCs on the Net. Imagine how bad network traffic would become if people tried to write anti-worms for every single worm that someone releases onto the Internet.

Secondly, it encourages people to not take responsibility for maintaining their own PCs and ensuring the OS is patched with the latest updates. If you have broadband you really have no excuse not to visit Windows Update and make sure your system is patched on a regular basis or at least every time you hear about a major new exploit on the evening news. If it’s on the news then chances are Microsoft will have a patch available that day or within the week. I restage my PC often and I have to reapply all of the patches every time I do it. That’s about 82 megs worth of patches these days if you have Service Pack 1 installed already. With my old broadband connection that’s less than a 10 minute download. It actually takes longer to apply the patches than it does to download them and the application is automatic. Hell, if you’ve got Windows ME or later you can have your system download and apply the patches without intervention if you want it to.

So get with it, folks. I’ve got me some Nazis I need to kill or we’re going to lose this war!

2 thoughts on “Fighting fire with fire -or- the War of the Worms.”

  1. I have to agree with you; the two latest big worm/virus/variant/scares were blown way out of proportion by lack of patching that was already available.

    However, I am a bit of a freak when it comes to internet security; I try to not allow any software to “automatically” download or install anything on my computer—including Microsoft. I also try to read up on the latest “fixes” before I install them. Sometimes the “cure” is worse than the “disease.”

    So, I will keep visiting and downloading myself.

    There really is no excuse NOT to.
