Jamie's Blog

Ruby developer. CTO. Swimmer. Always trying to write more

a different virus…

So after complaining that I’d been left out of the recent SoBig.F virus crisis, I managed to catch the MSBlast virus. What surprised me is that I caught it on my laptop - an unprotected, unconnected W2K machine. In the time it took me to check my email and read some RSS feeds via BlogLines, the virus had exploited a buffer overflow in the RPC service and got itself in. This laptop is only online for <1hr/month, over a dial-up connection, and I still caught the bug.

Anyway, the solution was fairly simple and I believe any damage was limited because most of the unused services on my laptop are not active - so after about an hour something crashed and the laptop got a little strange but it didn’t shut down (which is what the worm wanted). A little time on the net and I had the information, the fix and a patch. After feeling dirty I did the computer equivalent of a good hot shower: installed W2K service pack 3, defrag’d, backed up and installed a Tiny Firewall. So far so good - it detects various incoming/outgoing net activity and allows me to create permanent rules to allow/disallow. Good stuff.

Next thing is some anti-virus software, although I’m loath to leave it running all the time consuming resources when I’m not connected to the net.