A Wormy Story
Dave Helmer, CUGG
Sooooo.... did ya catch it?
- Were ya infected?
- Did it shut your system down at all?
- Were you just the least little bit inconvenienced?
I'm talking, of course, about the recent e-mail outbreak of the Magistr worm among numerous members of CUGG, occurring over the weekend of February 22-25. Magistr is a very well-known, well-documented worm that has been around since at least early last year. I took several calls from members about the problem, some blaming the [CUGG] website for being the source of infection, others in a panic that "we need to do something", and a few that had no idea they were infected and spreading the worm until they received e-mails from irate recipients of the infected e-mail. Invariably, when I asked the infected ones about the state of their anti-virus software, the response was "none" or "old data files". Now, forgive me if I sound pleased to be the one to say, "I told you so", but "I TOLD YOU SO!"
My involvement in this episode started with a copy of the infected e-mail showing up in my in-box (Netscape, by the way, not the sieve known as Outlook Express) on Thursday, February 21st. The message was, of course, text from a random document in the sender's My Document folder, taken out of context, with an executable file attached. ZoneAlarm Pro had already renamed the file so that it could not auto-execute, and I was able to simply delete the message. No harm, no foul. Had I been silly enough to attempt to run the attachment anyway, AVG Pro would have been so kind as to inform me that the file was "loaded" and ask me what to do with it. For me, this "situation" wasn't. It barely blipped on my consciousness. I e-mailed the person who had sent me the infection, and advised them to deal with their problem. That should have been the end of it, but of course it was not. Over the next several days, Don [Wiegel], Cruz [Moncivais], and I took numerous calls from CUGG members who had been infected.
Don (one of the infected) and Jamie [Wiegel] put together an e-mail and sent it out with instructions on how to clean up the mess. Cruz was unavailable, so all he got was messages on his answering machines. I stopped answering the phone. Here's why. I've been preaching security awareness to CUGG since the days of MS-DOS and dial-up Bulletin Board Systems (BBS's). Every year, I do one or two presentations and/or newsletter articles for CUGG about the necessity, implementation and use, of anti-virus programs, firewalls, ad-blockers, etc., ad nauseam. Apparently some of you still aren't listening. Now you want me to help you shut the barn door after the horse is gone. Why? It's not my problem. If you had been listening all along, it would not be your problem. I will, however, come to your house and help you clean it up, at my standard rate. For those of you who did not call, I will assume (I know, I know...) that you HAVE been listening, and that for you, this was also a non-event. Congratulations, Kudos, Thank you.
In an effort to help prevent this kind of thing from recurring, Don has convinced me to implement some sort of Security page with links and information outlining once again, what I think you should be doing to help keep your system secure. Look for it on the website, Don will have to tell you where to look. Let's try to prevent another outbreak of what should have been a nonexistent problem.
And by the way, the website had nothing to do with this infection.