RealTime IT News

Victims of 911 Worm: FBI Warning Was No Hype

Self-diagnosed victims of the 911 Worm Thursday credited the FBI with protecting their hard disks from possible disaster. But others question whether the incident which began April Fools' Day is just the latest example of Internet-induced virus hysteria.

"If it wasn't for list warnings, I wouldn't have caught it on time, and it would have detonated and wiped out my whole database and contacts," said Howard Gleichman, a paramedic in Fort Lauderdale, Florida, who said he discovered the worm on his hard drive Sunday after reading about it on an e-mail list for emergency management personnel. Gleichman said he subsequently forwarded the alert to more than 100 other people.

The FBI's advisory warned that the 911 Worm, also known as Chode or Firkin, could delete the contents of a victim's hard drive, and use the computer's modem to place calls to 911 emergency lines. The FBI said the worm infects Windows 95/98 PCs connected to the Internet and which have had Windows file or print sharing enabled.

Sources said the FBI believes the worm was originally propagated by an individual in the Houston, Texas area, but FBI officials declined to provide more details because of the ongoing nature of the investigation.

While InternetNews has received half a dozen reports from users claiming to be infected by the worm, none of the incidents involved data destruction.

"That's the whole point of early intervention. Who knows what would have happened if we hadn't reacted as aggressively as we had," said Stephen Northcutt, director of the Global Incident Analysis Center operated by the SANS Institute, which distributed a detailed warning about the worm Sunday in response to the FBI advisory. According to Northcutt, GIAC has subsequently received "a dozen or so" reports of the 911 Worm.

The SANS warning helped set off a wave of postings to lists and message boards, as users feverishly followed its admonition to get the word out.

Northcutt admitted Thursday that the 911 Worm is not nearly as widespread as the notorious Melissa virus outbreak, but he said the FBI did the right thing by getting the word out.

"If they had knowledge of it and they hadn't told us, everyone would have wanted to smack them. The good news is, it was terribly educational and lots of people checked their shares and turned them off because they had no good reason for having it," said Northcutt.

But some anti-virus software vendors and security experts were quick to downplay the risk. Representatives of McAfee Associates and Firsk Software International noted earlier this week that the worm by design would be difficult to spread, and were critical of the FBI for needlessly creating panic. In an incident note on the 911 Worm released Tuesday, the Computer Emergency Response Team at Carnegie Mellon University said it received no direct reports of systems infected with this worm.

Ellen Rudd, a visiting Lecturer in the Department of Computer Technology at Purdue University's School of Engineering and Technology, said the FBI alert and the subsequent response by users were appropriate.

"I came home Sunday, logged on to my email, and it was full of messages about this virus. I immediately went into Find and typed in Chode, and it came up that it was on my computer," said Rudd, who first heard about the worm Sunday from a genealogy mailing list operated by Rootsweb.

"If it weren't for those warning messages, I wouldn't have had a clue to look for it," she said.

The experience of sev