Worm in the machine

On Monday morning, thousands of computer users woke up to the news that yet another worm was wreaking havoc on computer desktops and networks across South Africa and the world.

As IT specialists and companies scrambled to contain the threat of the Sasser worm, users could be forgiven for feeling that this was just more of the same, and that outbreaks of computer viruses are becoming as common, and annoying, as that other scourge of the information age, spam.

The fact is that these attacks are becoming more frequent, and in some cases more sophisticated, than ever before. The whole thing is a race between virus writers, developers and security experts, and it’s getting faster.

It took only three weeks from the time Microsoft identified the flaw in Windows that Sasser exploits, to the release of the first version of the worm. Three days later there were four versions circulating.

This is because the people who write viruses are getting better at it, and better paid for it. Once the domain of geeky misfit kids trying to outdo each other, virus writing is increasingly being done with a purpose — one that is far more sinister than simple vandalism.

Many of the recent virus releases were designed to do specific things, such as bring down websites (MyDoom was created to launch an attack on the website of a company embroiled in a legal battle with Linux), send out spam (Sobig turned infected machines into spam servers) or steal secure and sensitive information, such as credit card details.

The common goal behind the recent spate of virus attacks has been to create a network of computers that can then be used by the virus writers for their own, illicit purposes.

Dwaine van Vuuren of Dimension Data says that “hackers are now using ‘zombie’-affected PCs across the globe as personal ‘armies’ to extort ‘protection money’ from organisations and companies that rely exclusively on Internet presence for revenue” — in other words, not so much virtual vandalism, as virtual extortion.

Not, of course, that the gang warfare mentality of virus writing has been completely overtaken by these new mercenary goals.

According to Finnish security company F-Secure, on digging into the code of the latest versions of the Netsky, MyDoom and Bagle worms, one finds hidden messages to other virus writers such as: “Hey, NetSky, fuck off you bitch, don’t ruine our bussiness, wanna start a war?”; “Skynet AntiVirus —Bagle—you are a looser!!!”.

International anti-virus company Sophos says that a hidden message in the Sasser worm points to the writers of the NetSky virus claiming responsibility for it: “Hey av [anti-virus] firms, did you know we’ve programmed the Sasser Virus?!?”

Despite the adolescent posturing and bad spelling, these code-writers should be taken seriously. They have caused millions of rands’ worth of damage and managed to bring networks to a standstill.

Although the final impact of the Sasser worm has yet to be assessed, Gary Middleton of Dimension Data says that the cost is already in the tens of millions of rands in South Africa alone. By the middle of this week, several major companies were still battling the outbreak.

He considers this attack to be as severe as the Blaster attack that crippled companies last year. Worldwide, companies affected by Sasser included banks, governments, post offices and airlines.

The truly scary thing, though, is that Van Vuuren predicts that this is just the first of the 10 to 16 major virus or worm attacks we can expect this year alone.

What it is, what it does and what to do about it:

According to Barry Irwin, a lecturer at Rhodes University, and certified Internet security professional, Sasser is a worm, which means it spreads by itself. You don’t need to open an infected e-mail, or run an application, to catch it. Any computer that is running Windows and is attached to a network or the Internet can catch it. Once you are infected, the worm will use your computer to try to spread to other machines. Because it is badly written, it may cause your computer to repeatedly crash and reboot, but this is not intentional.

To protect yourself from Sasser, and other attacks, you should:

  • Update your computer’s operating system, by going to the Microsoft website, www.microsoft.com.

  • All Windows users should make sure that they regularly check the Microsoft website for updates.

  • Update your anti-virus software, and keep it updated.

  • Install a personal firewall. If you are using Windows XP, a firewall comes with the operating system. There are also several free ones available. If you are using a broadband, always-on Internet connection, then a firewall is particularly important.
