Skip to comments.
W32 Blaster Worm
http://www.cert.org/advisories/CA-2003-20.html ^
| CERT
Posted on 08/12/2003 11:30:56 AM PDT by dfrussell
This thing seems to be spreading quite quickly. If you're using MS and haven't verified your system, you should.
If you're not using a firewall, you should.
http://www.sygate.com will allow you to download and install a personal firewall -- it's easy to install.
Internet Security Systems (http://www.iss.net) has released a scan tool to check for the MS03-026 patch on Windows servers.
Location:
http://www.iss.net/support/product_utilities/ms03-026rpc.php
TOPICS: News/Current Events; Technical
KEYWORDS: lovesan; mdm; ms; w32blasterworm; worm
Navigation: use the links below to view more comments.
first previous 1-20, 21-40, 41-60, 61-80 next last
To: dfrussell
Had to deal with this one last night.
On Win2k Pro I just got an error about svchost.exe failing, and then my system would "wig out" on me. couldn't cut and paste and stuff.
I knew I should be running some firewall software, but just didn't get it quick enough. Shold have patched up too.
Oh well.
Interesting to note that Anti-virus software wouldn't have caught it anyway. At least Idon't think it would have.
Symantec virus scan didn't find it last night.
41
posted on
08/12/2003 12:39:18 PM PDT
by
NormB
To: Incorrigible
To be safe, everyone should re-format and install Linux.
42
posted on
08/12/2003 12:46:38 PM PDT
by
TechJunkYard
(because... so much is riding on your wires)
To: All
Just curious. Does anyone know how to set up Zone Alarm on a webserver? I set it up once but it blocked traffic to the web site.
43
posted on
08/12/2003 12:48:47 PM PDT
by
AppyPappy
(If You're Not A Part Of The Solution, There's Good Money To Be Made In Prolonging The Problem.)
To: dfrussell
Thanks. Our external internet seems to be ok, but I have found 5 vulnerable systems on our internal lan.
Freepers are the best.
44
posted on
08/12/2003 12:50:25 PM PDT
by
dinasour
To: dfwgator
And if you are a network administrator and you let this worm get through, you should start looking for another job.Hey, it's not that easy. One guy has over 100 Windows servers. He's installed the patch on all of them already buy not rebooted them all to have it take effect. Rebooting things ends services that may be mission critical. He's had about 2 weeks to take care of 100 servers and maybe 1000 workstations. Having done all that the network is still somewhat vulnerable to people docking inside the firewall who are infected. Really bad virus's are not simple to defeat. I therefore disagree with you assertion that the mere infection of a computer is a reasonable cause for termination of the sysadmin responsible for it.
To: dfwgator
And if you are a network administrator and you let this worm get through, you should start looking for another job.Hey, it's not that easy. One guy has over 100 Windows servers. He's installed the patch on all of them already buy not rebooted them all to have it take effect. Rebooting things ends services that may be mission critical. He's had about 2 weeks to take care of 100 servers and maybe 1000 workstations. Having done all that the network is still somewhat vulnerable to people docking inside the firewall who are infected. Really bad virus's are not simple to defeat. I therefore disagree with you assertion that the mere infection of a computer is a reasonable cause for termination of the sysadmin responsible for it.
To: dd5339
Ping for post 12
Semper Fi
47
posted on
08/12/2003 12:52:35 PM PDT
by
dd5339
(Lookout Texas, here we freaking are!)
To: Iowa Granny
ping
48
posted on
08/12/2003 12:52:59 PM PDT
by
kayak
(God bless President Bush, our military, and our nation!)
To: NormB
I had the same thing on Win 2000, except the computer continued running normally with a few functions, like file transfers disabled. Win XP just kept rebooting anywhere from 5 seconds after starting, to 15 or so minutes. What a pain. I'm getting closer to using the ultimate windows patch.
49
posted on
08/12/2003 12:53:16 PM PDT
by
kylaka
To: dfrussell
SCREW THE BLASTER VIRUS!
I got this fricken thing on my home computer yesterday. Armed with more knowledge I am going home to kill the dragon and put it out of its freaking misery.
Luckily I am at work right now where my network's computers are safe and sound behind the glorious FIREWALL~!
To: Centurion2000
Proud firewall admin watching the lava break against my defenses. Yup. Woohoo! No Pasaran!
Of course, merely posting this will tell the Computer Gods that I am ripe for yet another Humbling Experience. Gotta go cut a chicken in the server room...
On the serious side, I've received reports that those who don't keep their patches current - you know who you are - may find application of this fix to Win2K boxes not patched to SP2 may find a little bluescreen awaiting them. What fun!
"Yeah, boss, that's just the new company wallpaper, trust me..."
To: Billthedrill
...Gotta go cut a chicken in the server room... What does that mean?
52
posted on
08/12/2003 1:00:43 PM PDT
by
SGCOS
To: Jack Black
Even without the Microsoft patch, there is the little matter of the firewall, why even leave those ports open?
53
posted on
08/12/2003 1:03:30 PM PDT
by
dfwgator
To: kylaka
>>I'm getting closer to using the ultimate windows patch.
NOT THAT!!!!
I refuse to use some hippy OS.
54
posted on
08/12/2003 1:07:09 PM PDT
by
NormB
To: SGCOS
It means I must sacrifice to the Server Gods. People think these things run on electrons. No so. Evil spirits. Ask any SysAdmin...
To: TechJunkYard
what are peoples experience w/ Zone Alarm, Black Ice and other firewalls? I've been running ZA and like it. It is a little bit of a pain in the training period. I'm running the free version though, so who can complain. What are the advantages of the others? Anybody pay the $39 bux to ZA. I think I'm going to. I can afford it and it seems to work.
To: dfwgator
That's a bit harsh. All it takes is for an employee to take their laptop home, connect it to the net, get the virus and then bring the virus in-house.
Mr. FourPeas is in IT security for a Fortune 500 company. Hubby is now trying to cleanse a network at a remote location where no one seems to take it seriously. He actually is having to run a script to shut down various computers every ten minutes because the yahoos at the remote keep turning them back on even through they're known to be infected.
57
posted on
08/12/2003 1:29:21 PM PDT
by
FourPeas
To: FourPeas
I will grant you that, fine. But still it should be someone's responsibility to ensure that those laptops are kept up to date with the latest Microsoft patches. This is not the first time something like this has happened. Seems to me these people are making pretty good money in this economy, they need to start being responsible for keeping their laptops up to date, or there needs to be someone on their case making sure it gets done. This costs companies way too much money to take lightly.
58
posted on
08/12/2003 1:35:42 PM PDT
by
dfwgator
To: NormB
I refuse to use some hippy OS. Which reminds me.... cut and paste is also disabled. As I do a 2 hour download of Win2000 sp4, I have visions of an OS that has more patches and hotfixes than some innertubes I used to own.
59
posted on
08/12/2003 1:39:26 PM PDT
by
kylaka
To: dfrussell
Thanks for the heads-up.
60
posted on
08/12/2003 1:48:41 PM PDT
by
american spirit
(ILLEGAL IMMIGRATION = NATIONAL SUICIDE)
Navigation: use the links below to view more comments.
first previous 1-20, 21-40, 41-60, 61-80 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson