In the Spotlight

News & Features
More from MPR
Your Voice
DocumentJoin the conversation with other MPR listeners in the News Forum.

DocumentE-mail this pageDocumentPrint this page
The Blaster worm explained
The computer worm Jeffrey Parson is accused of releasing represents just one of several attacks Internet users have been alerted to in recent weeks. Parson's creation wasn't even an original. But computer security experts say even as a variant of the Blaster worm, it had plenty of potential to frustrate computer users.

San Francisco, Calif. — The Blaster worm struck computer users around the world beginning Aug. 11, the first in a wave of attacks during the month. It announced itself to many users by forcing their machines into an endless loop of shutting down and starting up.

It did not otherwise damage computers, and failed in a plan to employ infected machines to attack the Microsoft Corp. Web site. Still, it hit hundreds of thousands of PCs, and even shut down the Maryland Motor Vehicle Administration.

"Probably the most impressive element of it was the way it could have been picked up by a kid and modified in a way that would easily be propagated, because it was written in a way that could be easily modified," says Doug Howard, vice president of Counterpane Internet Security, based in Silicon Valley.

The FBI alleges Hopkins teenager Jeffrey Lee Parson did just that, creating a variant of the Blaster worm. It appears he didn't change the method of attack, but just gave it a new name. Howard says that simple change essentially extended the worm's lifespan.

The typical target for this would be ... perhaps your home user who has maybe a broadband connection, cable modem type connection -- and they leave their system connected all the time, even when they go to bed or go to work.
- Paul Wood, Internet security analyst

"It is to basically continue the effectiveness of the original intent of the virus to start with, by bypassing any protections that have been put in place relative to the original code that was released," says Howard.

In other words, anti-virus software looking for a file called "blaster.exe" would miss a variant with a different name.

Blaster spread far and wide because home computer users and those who run corporate systems weren't prepared to defend it, even though there were warnings that something like this would happen.

Paul Wood is chief information security analyst with security company MessageLabs in London.

"The typical target for this would be ... perhaps your home user who has maybe a broadband connection, cable modem type connection -- and they leave their system connected all the time, even when they go to bed or go to work," says Wood.

"Browsing the Internet is certainly not a passive experience like watching the television. Because you're there and other people can see you. It doesn't take very long for any machine connected to the Internet to receive these kinds of attacks -- from anywhere on the Internet, from any country," Wood says.

Experts say to defend against Blaster-type worms, you need to keep your Windows operating system updated and patched, run up-to-date anti-virus software, and install a firewall -- that's software that puts up a barrier between your computer and the Internet.

You'll hear Blaster referred to as a worm, not a virus. The difference is that a virus needs a host to spread -- a diskette in the olden days, now usually a file like an e-mail attachment that's sent around the Internet.

A worm just crawls around the Internet looking for vulnerable computers. SoBig, another attack from this month, was more virus than worm. It rode in on files attached to e-mail. Viruses like SoBig, one of the fastest spreading viruses ever, would amount to nothing if users wouldn't open them.

Larry Rogers with Carnegie Mellon University's Software Research Engineering Institute says computer users should ask a few questions before opening an e-mail attachment.

"Have you ever received mail from this person before, and have you established a relationship in some form? Is this something you were expecting? Does this attachment make sense? Have I run this attachment through a virus checker to see if it's a known virus?" says Rogers.

If there are any warning signs, Rogers says you should dump the mail in the trash.

Perpetrators of most viruses and worms are never identified, much less arrested. Even though Jeffrey Parson's Blaster variant is believed to have infected only about 7,000 computers, it's likely the FBI would like to make an example of him.

Respond to this story
News Headlines
Related Subjects