[Dixielandjazz] DJML and the latest computer-spread infectious diseases

david_haupt at agilent.com david_haupt at agilent.com
Fri Aug 22 19:28:14 PDT 2003


Since there have been a few postings on this matter, I thought it might be useful to provide some simple "what to do" steps for DJML members.

Don Ingle and Bob Ringwald are right.  The two ugly things that went on the past week are serious events.

So, step one.  If you have a Macintosh, ignore the rest of this posting.  Bill Gates is the political target of all the PC Pathology in the past few years; nobody writes viruses that can infect a Mac.

Two pestilences have been beating on the 'net of late.

The first one is the BLASTER worm.  The good news is that if you are running Mac, Windows 3.1, 95, 98 or ME, you cannot be infected.  The bad news is that for those running Windows NT, 2000 or XP, you can be infected, and it has nothing to do with email.  The infection in a machine takes a trip down your internet wire, looking in the picture window of every PC it can find.  If it finds an unlocked door, it goes in and spreads itself.  This particular worm, once installed, generates lots of traffic, making your PC slow and even causing occasional crashes and reboots.  It also attempts to overload Microsoft's OS update website, which is its real intent.

Symantec is a trusted source for virus removal tools.  A very quick tool for this particular nastiness is found at:

http://securityresponse.symantec.com/avcenter/FixBlast.exe

Downloading and running takes about 5 minutes.

If you want to get into the geeky details, the tool and the virus are described here:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

But wait, there's more!

Someone wanted to do some good, so he wrote a new virus that spreads exactly like BLASTER, whose purpose in life is to remove blaster from your infected PC.  Problem is, this one blasts down the internet like a Ferrari, looking for infected machines to disinfect, so it still slows your PC down and can cause crashes.  The only better behavior is that it no longer tries to overload the Microsoft website.  This one is called Welchia.  One of my PCs was trying to hack into other machines on our network, but the Blaster removal tool told me the machine was clean.  Turned out I had the Welchia infection.  So, what we have here is a virus chasing another one; the first evidence that the internet is developing an auto-immune system.  One that doesn't work.  Again, Welchia does not depend on email.
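Both BLASTER and Welchia spread the same way the posting describes: an infected machine reaches out across the network to many other PCs on its own, with no email involved, which is why a single box can generate so much traffic. The script below is an added example (not part of the original DJML post, and not one of the Symantec tools) of how an administrator could spot that behaviour in connection logs before any removal tool is run. The log format, addresses and the port number are constructed for the illustration; the detection rule is simply "one source contacting many distinct destinations on one port within a short window".

```python
"""Flag hosts whose connection pattern looks like a self-spreading worm.

Added example for the DJML post; not the list's or Symantec's code.
The log lines, IP addresses and port below are constructed for this
illustration and do not describe any real network.
"""
from collections import defaultdict

# Constructed sample log, one connection attempt per line:
# "<epoch seconds> <source ip> <destination ip> <destination port>"
# 192.168.1.10 probes twelve different neighbours on one port in twelve
# seconds (worm-like); 192.168.1.20 does ordinary browsing.
SAMPLE_LOG = """\
1061600000 192.168.1.10 192.168.1.11 135
1061600001 192.168.1.10 192.168.1.12 135
1061600002 192.168.1.10 192.168.1.13 135
1061600003 192.168.1.10 192.168.1.14 135
1061600004 192.168.1.10 192.168.1.15 135
1061600005 192.168.1.10 192.168.1.16 135
1061600006 192.168.1.10 192.168.1.17 135
1061600007 192.168.1.10 192.168.1.18 135
1061600008 192.168.1.10 192.168.1.19 135
1061600009 192.168.1.10 192.168.1.21 135
1061600010 192.168.1.10 192.168.1.22 135
1061600011 192.168.1.10 192.168.1.23 135
1061600012 192.168.1.20 10.0.0.5 80
1061600020 192.168.1.20 10.0.0.6 80
1061600030 192.168.1.20 10.0.0.5 80
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, src, dst, port)."""
    ts, src, dst, port = line.split()
    return int(ts), src, dst, int(port)


def find_scanners(log_text, window_seconds=60, threshold=10):
    """Return {(src_ip, port): distinct_destinations} for every source that
    contacts at least `threshold` different destinations on one port within
    some window of `window_seconds`. Normal clients talk to a few servers
    repeatedly; a spreading worm talks to many machines once each."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    by_key = defaultdict(list)  # (src, port) -> [(ts, dst), ...]
    for ts, src, dst, port in events:
        by_key[(src, port)].append((ts, dst))

    flagged = {}
    for key, hits in by_key.items():
        hits.sort()
        left = 0
        best = 0
        # Sliding window over time-ordered hits: count distinct destinations
        # seen within the last `window_seconds`.
        for right in range(len(hits)):
            while hits[right][0] - hits[left][0] > window_seconds:
                left += 1
            distinct = len({dst for _, dst in hits[left:right + 1]})
            best = max(best, distinct)
        if best >= threshold:
            flagged[key] = best
    return flagged


if __name__ == "__main__":
    for (src, port), count in find_scanners(SAMPLE_LOG).items():
        print(f"{src} contacted {count} distinct hosts on port {port}: investigate")
```

The window matters: the same twelve probes spread over an afternoon would be normal file-server traffic, so a practitioner tunes `window_seconds` and `threshold` to the network rather than taking these defaults as given. A host flagged this way deserves a full scan even if one removal tool reports it clean, which is exactly the Welchia-after-Blaster situation the posting describes.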

Details on Welchia are found at:

http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

and a quick and free disinfection tool is found at:

http://www.symantec.com/avcenter/FixWelch.exe


Either of these removal tools is used by downloading and running them.

If either disinfectant tool reports that you were infected, but now are not, you should also get the auto-update for your PC.  Navigate to

http://windowsupdate.microsoft.com

and click "Product Updates"

You have to tolerate a download, which will automatically determine which operating system you use and offer to install (for free) the various updates, which will make your system immune to today's virus of the month.



The second pestilence is email-borne.  You're immune if you're on a Mac, use AOL exclusively or use web-based email.  This one targets Microsoft Outlook users, but is quite capable of being nasty with Eudora.  Runs on any version of Windows.  To get infected, you have to open an attachment that has apparently come from a trusted colleague.

This one is called the SOBIG F virus.  Yes, sadly, there were versions A through E preceding it.  It originated in Europe.  DJML received almost 100 copies of this virus two nights ago, which was quite a record.  As Bob said, DJML software stripped them all and did not send them onward.  However, since this virus raids email addresses from address books, it most likely also sent out copies directly to DJML members.
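The posting says the DJML list software stripped every copy of the attachment rather than forwarding it on. The script below is an added example of what that kind of relay-side stripping looks like; it is not the list's actual software and makes no claim about how that software works. It parses a message with Python's standard `email` library, drops any attachment whose filename ends in one of a short list of executable extensions (the list is an assumption for the example), and hands back the cleaned message. The sample message is constructed.

```python
"""Strip executable attachments from a message before relaying it.

Added example for the DJML post; not the list's own software. The
blocked-extension list is an assumption chosen for the illustration,
and the sample message is constructed.
"""
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions treated as executable for this example (assumption).
BLOCKED_EXTENSIONS = {".exe", ".pif", ".scr", ".bat", ".com", ".vbs"}


def is_blocked_attachment(part):
    """True if this MIME part carries a filename with a blocked extension.
    Only the declared filename is checked, so a part with no filename
    (the text body, for instance) is always kept."""
    filename = part.get_filename()
    if not filename:
        return False
    return os.path.splitext(filename)[1].lower() in BLOCKED_EXTENSIONS


def strip_executables(raw_message: bytes):
    """Return (cleaned_message, stripped_filenames).

    Non-multipart messages carry no attachments and are returned as-is.
    For multipart messages the top-level parts are filtered and the
    surviving parts written back as the new payload."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    stripped = []
    if not msg.is_multipart():
        return msg, stripped
    kept = []
    for part in msg.iter_parts():
        if is_blocked_attachment(part):
            stripped.append(part.get_filename())
        else:
            kept.append(part)
    msg.set_payload(kept)
    return msg, stripped


def build_sample_message() -> bytes:
    """Constructed message shaped like a mass mailer's: a one-line body,
    an executable attachment, and a harmless document."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"
    msg["To"] = "list@example.org"
    msg["Subject"] = "Re: Details"
    msg.set_content("Please see the attached file.")
    msg.add_attachment(b"MZ constructed, not a real binary",
                       maintype="application", subtype="octet-stream",
                       filename="details.pif")
    msg.add_attachment(b"%PDF-1.4 constructed",
                       maintype="application", subtype="pdf",
                       filename="setlist.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    cleaned, removed = strip_executables(build_sample_message())
    print("stripped:", removed)
    print(cleaned.as_string())
```

Filename checks are deliberately simple here; a real relay would also look at the declared content type and, ideally, the bytes of the part, since a mass mailer is free to name its payload whatever it likes.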

Removal is a tad more complicated.  Directions and a free tool are again available from Symantec at:

http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.removal.tool.html

Sorry for the long posting, but these two threats have really caused a lot of havoc and it's worth knowing how to clean them from your system.


The question that I come up with is this:  Do the virus writers want to cause trouble, have too much time on their hands, or are they network security people who are trying to ensure a steady career?

OK, if someone flames me for that, I deserve it.

Musical content "Stormy Monday"

Dave Haupt
Santa Rosa, CA



