How my secure computer gets two ancient worms

May 04, 2006 | 3 mins

Since 1995, I’ve been writing about the dangers of online computing and have ridden the storm relatively unscathed. I’m one who knows the dangers, who keeps my security software up to date and surfs safely. Still, I got hit during a moment of weakness sometime in April, when I was running a new security software package that was supposed to make all this pain go away. Unfortunately, the software wouldn’t update through my secure firewall router (see previous blog). And so, for a few days, my computer was hanging out there unprotected.

After I replace it with Panda Platinum (another all-in-one that claims to be less complicated), I again receive no updates. This time it’s my fault for ignoring the part that says I need to authenticate my security settings with a separate username and password so it can update. Knowing my vulnerability, I practice safe computing by making my deadlines on my Mac and keeping my XP turned off except when trying to configure the software.

When I finally do get around to configuring Panda, I can’t get either of my browsers to open and do the updates. With several zero-days against IE (which I updated against last week) and against Firefox (for which there was no update last week), I’m thinking I’ve probably got two trashed browsers. That is, until after some research, when I realize Panda’s firewall has been blocking the browser connection attempt at startup. So I reboot, tell it to allow the connection, and I get my browsers back. Panda updates its malware signatures. I turn on Panda’s ‘heuristics’ to look for anomalous behavior indicative of malicious software trying to do something on my computer. And then I run a manual scan.

In about ten minutes, Panda finds and cleans 17 infected files, mostly tracking cookies. But where’d those two mass-mailer worms come from? MyDoom.M and Netsky.P, both of which originated in 2004, and both memory hogs, were discovered and eliminated from my PC.
Curious about how I’d get such old worms during my moment of vulnerability, I go on the Internet and do some reading. At least one of them, MyDoom.M, had a resurgence last month, according to an article in e-Securityplanet. And the security experts I talk to say that most of the worms they see are old code that even an outdated antivirus should have in its signature database.

All cleaned up and rebooted, my Mozilla browser updated today with its new auto-update feature, introduced in its last service pack. So I’m feeling safe again — enough to use my XP in creating this blog. Because I know it could have been much worse. It could have been keystroke-logging software, remote-control ware, rootkits and the other malware that’s epidemic out there. Watch for my articles about all that in Networkworld (May 22), (May 15) and SC Magazine (June or July).