Q: What do I need to do to protect my computer from the "blaster" worm? — Ray
A: Unless you have been vacationing on a remote island or just got back from orbiting the Earth, you probably have heard about the "blaster" or "LovSan" worm by now.
It is one of the most widespread outbreaks in recent history, estimated to have hit more than 120,000 computers in a 24-hour period.
Fortunately, it does not do permanent damage to the operating system or critical data, but it can render a computer useless because of the constant shutdowns that it can cause.
What is particularly troubling about this worm is that it does not use e-mail to spread; it simply scans the Internet looking for computers that have a known vulnerability.
This vulnerability, which was discovered in June, allows for malicious code to basically "overpower" systems running Windows NT, 2000, XP and Server 2003 so that they can be taken over. (Windows 95, 98 and ME are not affected by this worm.)
Once the system has been compromised, the worm installs itself on the system then continues to look for more machines to infect.
The main difference between a worm and a virus is that a worm can spread from computer to computer by itself, generally without any user involvement. A virus will typically try to infect files on a single computer, but needs a little help to spread to other computers (e-mail, floppy discs, etc.).
Microsoft introduced a patch for this problem in July, and it’s really all that you need to avoid becoming a victim, but the announcement went largely unnoticed. This and many other patches are always available free from Microsoft by visiting WindowsUpdate.com.
The biggest concern I have about this newest delivery method is that it signals the beginning of a new wave of malicious code.
The first generation of the Code Red worm, which was launched in the summer of 2001, was poorly written and did not do as much damage as it could have. Code Red II, however, was a modified version of the original Code Red that fixed a flaw in how it was spread and managed to infect more than 300,000 servers.
This same re-engineering of the code is already occurring with the blaster/LovSan worm as variants of the original have already been discovered. The original worm was poorly written, but rest assured — a newer, more potent and likely more destructive version is on its way as online vandals fiddle with the code.
If you did not get hit with this variant, don’t assume that you are safe. Let it be a lesson to all of us to keep our operating systems updated.
Get in the habit of visiting WindowsUpdate.com at least once a month or subscribe to a newsletter from a trusted source that will alert you of vulnerabilities and remind you to keep your system protected.
Our newsletter subscribers, for instance, were warned about this problem on July 19 with instructions on how to patch the problem. If you would like our system to warn you in the future, you can subscribe to our free weekly newsletters at either ComputerProblems.com or at DataDoctors.com.
Ken Colburn is president of Data Doctors Computer Services and host of the "Computer Corner" radio show at 10 a.m. Saturdays on KTAR (620 AM) and the "Tech No Phobia" television show at 5:30 p.m. Tuesdays on COX9. Readers may send questions to firstname.lastname@example.org.