Sponsor's Message

Code Red was one of the first truly global worms that decimated the world's population of IIS-based webservers in double-quick time while flooding the Net with massive amounts of "noise" in the form of infected machines searching for new victims.

The Blaster worm was just as bad, except this time the biggest victims were not those hosting websites but anyone with a version of Windows XP connected to the Net.

The Love Bug is another piece of malware that ripped through the PCs if the unpatched in record speed, spreading chaos and mayhem as it went.

And now I predict (quite safely I might add) that the next really big piece of malware is about to hit the Net -- in the form of a JPEG worm.

The JPEG vulnerability presently affects a huge number of Net-connected PCs which means that any worm using this vector has the potential to spread at a fantastic rate.

No doubt there will be tens of millions of vulnerable PC users who simply don't bother to patch their machines and will, eventually, become infected -- once such a worm is released.

Now have your say Got something to say about today's column, or want to see what others think?  Visit The Forums While you're here, why not visit the Aardvark Hall of Shame and perhaps make your own nomination.

A trojan which exploits this vulnerability has already been released into the wild through postings to various usenet porn newsgroups.

This piece of malware simply installs itself then downloads a backdoor and remote-access software that allows infected machines to be controlled remotely so that sensitive information can be compromised and/or a spam relay set up.

The effect of this trojan is peanuts however, when compared to a real worm that uses the same infection vector.

If the infected machine itself starts spreading by email, by posting infected images to various newsgroups, websites or whatever, then the rate of propagation will be astonishing.

All an ELS (evil little sod) has to do in order to launch his worm is to post an infected image file to any one of thousands of usenet newsgroups, upload it to any one of hundreds of thousands of online forums, send it out as an attachment to (or HTML element of) spam, etc.

Microsoft has offered a download that will scan your system and its various MS applications for vulnerability -- but it would appear (unless I'm mistaken) that many third-party aps built with Microsoft's tools may also carry a vulnerability and the MS tools don't seem to pick all these up.

Unfortunately, a JPEG worm is also going to be a very difficult one to squash at the firewall level -- the overhead involved in checking each and every JPEG image that comes through (for instance) a corporate firewall would cripple even a reasonably large system.

So there you are -- patch, patch, patch and cross your fingers folks.

What is this?
This piece on today's NZ Herald website is labeled as "comment" but, after reading it, I think it should have been labeled "Advertorial".

Quite frankly I'm astonished that the Herald would publish what is clearly nothing more than blatant advertising without a suitable advisory or disclaimer -- and no, I'm sorry but simply calling it a "comment" is NOT adequate.

Very poor judgement indeed!

I wonder how Telecom wangled that one?

If you feel that this is a good thing and/or you hold a "geniune affection" for yours truly -- then you are welcome to gift me some money using the buttons provided. In gifting this money you accept that no goods, service or other consideration is offered, provided, accepted or anticipated in return. Just click on the button to gift whatever you can afford. NOTE: PayPal bills in US dollars so don't accidentally gift more than what you were intending :-)

Contacting Aardvark
I'm always happy to hear from readers, whether they're delivering brickbats, bouquets or news tip-offs. If you'd like to contact me directly, please this form. If you're happy for me to republish your comments then please be sure and select For Publication.

Other media organisations seeking more information or republication rights are also invited to contact me.

Just add a couple of lines of JavaScript to your pages and you can get a free summary of Aardvark's daily commentary -- automatically updated each and every week-day.

Aardvark also makes a summary of this daily column available via XML using the RSS format. More details can be found here.

Contact me if you decide to use either of these feeds and have any problems.

Linking Policy
Want to link to this site? Check out Aardvark's Linking Policy.

Did you tell someone else about Aardvark today? If not then do it now!