As Two Worms Multiply, CERT Releases Security Tips for Home-Computer Users

Last week, I mentioned that I didn't know about any cracks to Windows XP license activation so far. Since then, I quickly learned that cracks do exist, so I suppose that fact is quite a statement considering Microsoft's stance that mandatory license activation will thwart piracy.

On another note, did the Code Red worm hit your Web network last week? I've received many emails requesting details about the Code Red worm and how to stop it or recover from its infection. The irony is that more than a month ago (June 18), Microsoft released a patch for a security bug that's related to IIS-based .idq and .ida file mappings—the same bug that the Code Red worm exploits. Be sure to read the related news story in the Security Roundup section of this newsletter.

Because the Code Red worm has affected so many sites already (including Microsoft's Windows Update site and many sites operated by the US Department of Defense—DOD), it's apparent that many online entities still don't keep their systems as up-to-date as possible, so they suffer the consequences of lackadaisical systems administration. If nothing else, the Code Red worm serves as one more example of why we need to consider acquiring and installing software patches and updates as top priorities in our daily routines.

As I mentioned, the Code Red worm takes advantage of a bug related to the .ida and .idq files. Nelson Bunker, vice president of security at Critical Watch, notified me last week that his company has released a utility that quickly removes any .ida and .idq file mappings from an IIS server. Users can run the utility from a remote workstation against an IIS server. Users can also download the utility as freeware at the company's Web site (along with complete source code).

I hope you don't think workstations or home computers running IIS and the related indexing services are immune from such a worm, because they aren't. A home computer is just another system connected to the Internet. To help small offices/home offices (SOHOs) with problems such as the Code Red worm, the Computer Emergency Response Team (CERT) released a document titled "Home Network Security." Users can access this document online at CERT's Web site (CERT updated it June 26).

I took a quick look at "Home Network Security" and found that the document covers a broad range of security concerns, including basic material that explains computer security, TCP/IP networking, firewalls, and antivirus software; various types of risks, including hardware-related problems such as disk failure and theft; and a series of actions that home-based users can take to protect their systems. Be sure to check it out—it's good material.

On that note, are you aware that in addition to this newsletter and numerous others, we offer our Connected Home EXPRESS email newsletter? The biweekly newsletter offers how-to advice, tips, and news that cover a broad range of technology-related topics: home automation, home networks, home theater, and a variety of gadgets-on-the-go. Visit the related Connected Home Magazine Web site, and be sure to take a look at this newsletter.

Before I sign off, I want to remind you that another worm is spreading fast, but this one affects Outlook email clients. The W32/Sircam worm spreads by sending copies of itself to every person listed in an affected user's Outlook address book (see the related item in this newsletter's Security Tools section under Virus Center). Since Friday, I've received at least two dozen copies of the worm in email from people that have my email address in their address books. The worm is still spreading, so be sure to review the technical details regarding the W32/Sircam worm at our online Virus Center, and download the latest antivirus signature updates from the software vendor of your choice.

End of Article