Like probably thousands of other people, I have been hit by the
MSBlaster virus. I hadn’t really noticed anything until an advisory
suggested that I took a closer look. And lo and behold, I had an
msblast.exe process running and I also had that executable in \WINNT\SYSTEM32.
This is my first virus ever. I am so excited.
Cleaning it was relatively easy. For future references, you want to
Although I recognize viruses as a very real threat, I have never really been
proactive at stopping them. My work machine has an antivirus because it
came with one, but none of my other machines do. I use Outlook (well, used
to) and other reputedly dangerous software, but I have always relied on my
common sense to keep me out of trouble.
I am not saying this is a good idea.
One day, I expect to click on an unsafe attachment and infect myself.
We all have lapses in our attention and relying on our human senses to keep us
safe from viruses is not just stupid, it’s suicidal. But well, habits die
One word about Outlook: there is this myth that it is the main enabler
for virus propagation out there and that if you are using another client, such
as Eudora or Mozilla Mail, you are safe. This is incorrect. Viruses
typically travel through email attachments. You can launch an attachment
with any mail client and you will get infected just the same, so just be
vigilant regardless of your mail client. It is true that Outlook used to
have unreasonable security defaults, but this is no longer the case. Even
Word and Excel now come with a high security default, not allowing you to run
macros and other mechanisms that viruses use to propagate.
What’s interesting is that I have always thought that I would be infected one
day through email, but I ended up receiving a virus through another means (tftp
and RPC). Fortunately for me, this virus is relatively harmless for the
user: its main purpose seems to trigger a SYN attack on a Microsoft site
on August 16th. I am curious to see how this is going to unfold. I
am confident Microsoft has taken all the necessary precautions to foil the
upcoming onslaught, but we will see.
I remember when I saw my first virus. It was circa 1988 on the Amiga.
Viruses were totally unheard of back then. This virus, called
probably not the first but definitely a very early one. It propagated by
copying itself on the boot sector of floppies and all it did is wait for the
third invocation and then display a message saying "Something wonderful has
happened, your Amiga is alive, etc…". I remember finding this cool the
very first time I saw it, probably because I had no idea it was based on a
concept that would cause billions of dollars in losses in the coming years.
I disassembled the SCA virus back then and published an article about it in
the French Amiga magazine I was working for. As the assembly code was
unfolding in front of my eyes, I remember feeling much more fascination than
anger at the author. It was such a neat idea (and also a pretty cool
These days are gone. Protect yourself and if you don’t like to use
anti-viruses because they slow down your I/O operations, at least make sure your
machine is reasonably up-to-date with security patches.