
Who will win the war of the worms?

You think malicious hackers wouldn't be interested in your lowly PC? Think again. In a new "war of the worms," sinister programs that travel via the Internet are doing battle over control of individual PCs.

One new worm (a type of computer virus) attempts to win cash prizes in contests offered by Internet security companies. To harness computing resources to crack a public challenge, and win the prize, the worm's authors try to take over as many PCs as possible.

In a kind of PC Darwinism, a worm that finds an infected PC will now kill off the original worm and insert itself. This gives the virus' author credit for cracking the challenge--if the hijacked PC happens to be the one that solves the contest.

The worm's authors are currently exploiting software provided by Distributed.net, a nonprofit organization that coordinates thousands of contest participants. The organization's legitimate software, provided free to people who wish to enter the contest, is delivered inside a "worm."

The worm, so named because it travels from PC to PC without killing its hosts, installs the software and begins using a PC's central processing unit (CPU) to try to solve the contest.

Distributed.net is an innocent bystander. Its coordinated efforts to solve security challenges are welcomed by the companies that publicize the contests, such as RSA Security's DES Challenge. And the nonprofit organization vows to ban anyone who installs its software on someone else's PC.

But the development of this new type of worm, although it doesn't immediately harm its hosts, illustrates a serious problem.

Once a virus author has planted a worm in an unsuspecting person's PC, the worm immediately uses the infected system to search for other PCs on the Internet. After a worm runs on a PC, the program could easily search for credit card numbers, passwords or other confidential information.

The new virus breed was demonstrated by the Honeynet Project, a collaboration of 30 security professionals. These so-called white hats study malicious hackers, called black hats.

In a report, project coordinator Lance Spitzner writes that the group's network received 524 contacts in a mere 30 days from worms scanning the Internet at random.

The white hats then connected a Windows 98 PC to the Internet. The PC was configured to welcome and study the worm. This is a form of hacker bait called a "honeypot."

The test PC was infected with the worm in less than 24 hours.

After another three days, the test system had been probed by at least four other worms, some of which deleted earlier inhabitants to install themselves.

"This shows an extremely aggressive nature of worms, where one worm competes with another worm for real estate or, in this case, CPU cycles," Spitzner said.

Windows users often use high-speed Internet connections but don't password-protect shared folders on their hard drives. In this situation, a worm can install itself and start scanning the Internet for other systems to infect.

You can protect against this worm while simultaneously defending a PC against a wide variety of other not-so-nice visitors. Here's how:

• Antivirus programs. Utilities like Norton Antivirus 2001, currently a CNET Editor's Choice, detect and remove the worm, known as "Dnet.Dropper" or "Win32.Bynum," as well as thousands of other viruses.

Symantec, the publisher of Norton Antivirus, warns, however, that the utility must be updated to Oct. 10, 2000, or later, to detect and clean Dnet.Dropper.

• Personal firewalls. Programs like ZoneLabs' Zone Alarm 2.1, also a CNET Editor's Choice, protect a PC's Internet connection from unauthorized use.

Corporate technology departments require more heavy-duty measures. But if you use a home PC, personal defenses can prevent your computer from becoming a home for worms and other critters.

Consumer advocate Brian Livingston appears at CNET News.com every Friday. Do you know of a problem affecting consumers? Send info to tips@BrianLivingston.com. He'll send you a book of high-tech secrets free if you're the first to submit a tip he prints.