Home
News & Features
Politics
Issues
Music
Arts & Culture
Business
Science
Life
Weather
RSS Feeds
Weblogs
Podcasts
Video
Radio Listening
Events Calendar
Your Voice
About Us
Support Us
Help
In the Spotlight

Tools
DocumentSign up to receive e-mail newsletters
DocumentAudio help
DocumentText: Sm : Md : Lg
News & Features
Audio
AudioThe Blaster worm explained (story audio)
AudioJon Gordon's complete interview with Doug Howard
AudioFuture Tense: Internet security (8/18/03)
More from MPR
DocumentVirus suspect appears in court (08/29/2003)
DocumentTeen who launched Internet virus mostly kept to himself (08/29/2003)
DocumentFuture Tense, hosted by Jon Gordon
Resources
DocumentCounterpane Internet Security
DocumentMessageLabs
DocumentMicrosoft security
Your Voice
DocumentJoin the conversation with other MPR listeners in the News Forum.

DocumentE-mail this pageDocumentPrint this page
The Blaster worm explained
 by Jon Gordon, Minnesota Public Radio
 August 29, 2003

The computer worm Jeffrey Parson is accused of releasing represents just one of several attacks Internet users have been alerted to in recent weeks. Parson's creation wasn't even an original. But computer security experts say even as a variant of the Blaster worm, it had plenty of potential to frustrate computer users.

San Francisco, Calif. — The Blaster worm struck computer users around the world beginning Aug. 11, the first in a wave of attacks during the month. It announced itself to many users by forcing their machines into an endless loop of shutting down and starting up.

It did not otherwise damage computers, and failed in a plan to employ infected machines to attack the Microsoft Corp. Web site. Still, it hit hundreds of thousands of PCs, and even shut down the Maryland Motor Vehicle Administration.

"Probably the most impressive element of it was the way it could have been picked up by a kid and modified in a way that would easily be propagated, because it was written in a way that could be easily modified," says Doug Howard, vice president of Counterpane Internet Security, based in Silicon Valley.

The FBI alleges Hopkins teenager Jeffrey Lee Parson did just that, creating a variant of the Blaster worm. It appears he didn't change the method of attack, but just gave it a new name. Howard says that simple change essentially extended the worm's lifespan.

The typical target for this would be ... perhaps your home user who has maybe a broadband connection, cable modem type connection -- and they leave their system connected all the time, even when they go to bed or go to work.
- Paul Wood, Internet security analyst

"It is to basically continue the effectiveness of the original intent of the virus to start with, by bypassing any protections that have been put in place relative to the original code that was released," says Howard.

In other words, anti-virus software looking for a file called "blaster.exe" would miss a variant with a different name.

Blaster spread far and wide because home computer users and those who run corporate systems weren't prepared to defend it, even though there were warnings that something like this would happen.

Paul Wood is chief information security analyst with security company MessageLabs in London.

"The typical target for this would be ... perhaps your home user who has maybe a broadband connection, cable modem type connection -- and they leave their system connected all the time, even when they go to bed or go to work," says Wood.

"Browsing the Internet is certainly not a passive experience like watching the television. Because you're there and other people can see you. It doesn't take very long for any machine connected to the Internet to receive these kinds of attacks -- from anywhere on the Internet, from any country," Wood says.

Experts say to defend against Blaster-type worms, you need to keep your Windows operating system updated and patched, run up-to-date anti-virus software, and install a firewall -- that's software that puts up a barrier between your computer and the Internet.

You'll hear Blaster referred to as a worm, not a virus. The difference is that a virus needs a host to spread -- a diskette in the olden days, now usually a file like an e-mail attachment that's sent around the Internet.

A worm just crawls around the Internet looking for vulnerable computers. SoBig, another attack from this month, was more virus than worm. It rode in on files attached to e-mail. Viruses like SoBig, one of the fastest spreading viruses ever, would amount to nothing if users wouldn't open them.

Larry Rogers with Carnegie Mellon University's Software Research Engineering Institute says computer users should ask a few questions before opening an e-mail attachment.

"Have you ever received mail from this person before, and have you established a relationship in some form? Is this something you were expecting? Does this attachment make sense? Have I run this attachment through a virus checker to see if it's a known virus?" says Rogers.

If there are any warning signs, Rogers says you should dump the mail in the trash.

Perpetrators of most viruses and worms are never identified, much less arrested. Even though Jeffrey Parson's Blaster variant is believed to have infected only about 7,000 computers, it's likely the FBI would like to make an example of him.


Respond to this story
DocumentTalk about this story in the MPR News Forum
DocumentSubmit a commentary
DocumentHelp us cover this story
News Headlines
Related Subjects
Minnesota Public Radio © 2024 | Home : Terms of Use : Your Privacy Rights
Radio Listening : News & Features : Events Calendar : Your Voice : About Us