New WORM Alert

Whipped

Part of the furniture
Joined
Dec 22, 2003
Messages
2,155
Idea. Setup a malformed usb stick and take over all the McDonalds PCs to get them to point to the Burger King homepage ;)

Or porn ;)
 

Lazarus

Part of the furniture
Joined
Dec 22, 2003
Messages
2,874
Whipped said:
Idea. Setup a malformed usb stick and take over all the McDonalds PCs to get them to point to the Burger King homepage ;)

Or porn ;)

porn would be a better idea - least you would get some exercise!
 

Draylor

Part of the furniture
Joined
Dec 23, 2003
Messages
2,591
Seems you're talking about Zotob.A

Exploit is a non-issue for almost everyone so far, since it only targets Win2k systems that haven't been patched. The relevant port (445) should be blocked by a firewall anyway.

Move along, nothing to see here ;)
 

Formash

Fledgling Freddie
Joined
Jan 7, 2004
Messages
482
Nothing to see for those who know what they are doing perhaps - for most, it may be a threat.

I would suggest to those who think they may have the virus / worm, go to the Symantec website or whichever anti virus software you are / should be running, get the latest updates, scan your machine.

Also make sure you run a Windows Update - available usually through the Tools menu of Internet Explorer or from here:

windowsupdate.microsoft.com.
 

Draylor

Part of the furniture
Joined
Dec 23, 2003
Messages
2,591
Formash said:
for most, it may be a threat.
I see reading isn't your strong point.

'Most' are not running Win2k. Hopefully the majority of those that are have already applied the updates from last week.
The problem doesn't exist for 95/98/etc.
The exploits don't work on XP/2k3, unless an obscure and virtually unused configuration option is set.

But sure, waste time running pointless scanners if that's your thing.
 

Lazarus

Part of the furniture
Joined
Dec 22, 2003
Messages
2,874
strange how the bug fix is for Windows XP tho.....better let M$ know they have the wrong system
 

Draylor

Part of the furniture
Joined
Dec 23, 2003
Messages
2,591
Laz there's a huge difference between a bug existing and a bug being actively exploited by a worm/virus/whatever.

For this one see 1, 2, and 3 if you really care.

Since it basically only targets unpatched, unfirewalled Win2k systems it's almost a total non-issue. Any vulnerable system will likely be infected by countless other nasties already.

So as I tried to say: don't panic :)
 

Formash

Fledgling Freddie
Joined
Jan 7, 2004
Messages
482
Reading may NOT be my strong point, but I work for the 2nd largest software company in the World - so I thought it pertinent to warn others of the 'threat' - I would prefer people were sure they don't have it, than to not run any checks, get stung and be unhappy, especially those who aren't that au fait with PCs, which is the majority of the PC using population.
 

Lazarus

Part of the furniture
Joined
Dec 22, 2003
Messages
2,874
No worries Draylor - having experienced naive behaviour in many neighbours (someone is still running WinME) it's always better to advise as Formash indicates.

better to be tied up and whipped.....oops wrong thread.
 

Draylor

Part of the furniture
Joined
Dec 23, 2003
Messages
2,591
Formash said:
Reading may NOT be my strong point, but I work for the 2nd largest software company in the World
And that's relevant how?

Or is this now a penis waving contest?

The increasing frequency of 'omg virus panic' alerts just leads people to pay less attention to them. The next time there's something actually worth bothering about it'll be ignored by many, since the last 10 didn't cause any problem.

Shrug. Bullshit virus warnings have been a pet-hate of mine since the days of 'Don't read an email titled XYZ or it'll delete your hard drive', the frequency with which they are spread by those that should know better amuses me :)

Nothing tops a copy of 'GoodTimes' from the University's head of IT though :m00:
 

Ukle

One of Freddy's beloved
Joined
Dec 22, 2003
Messages
410
This Worm has had no impact :)

As Draylor said, completely non-issue, will affect nobody as nobody uses Win 2000 anymore... well apart from almost all companies as their Windows servers and the odd thousand who use it as their common desktop client.
 

Draylor

Part of the furniture
Joined
Dec 23, 2003
Messages
2,591
For folks that would be reading this, and relying on it as a source of news, yes: it had no impact.

That does nicely answer the question of who is stupid enough to run unfirewalled, non-updated Win2k systems though :)

Amusing story really: but this is an exploit (for the same bug) that did not exist at the time this thread was created. It's also only news because a few media organisations had a problem with it, so far it appears to have infected a tiny number of systems.
 

Marc

FH is my second home
Joined
Dec 28, 2003
Messages
11,094
Draylor said:
And that's relevant how?

Or is this now a penis waving contest?

Only person i can see in this thread massaging his own e-peen seems to be you
 

Draylor

Part of the furniture
Joined
Dec 23, 2003
Messages
2,591
Do you ever have a point worth making Marc, or are you just a muppet looking for an audience?
 

Jupitus

Old and short, no wonder I'm grumpy!
Staff member
Moderator
FH Subscriber
Joined
Dec 14, 2003
Messages
3,456
Pack it in please guys :)
 

Ukle

One of Freddy's beloved
Joined
Dec 22, 2003
Messages
410
Bizarre as hell how this worm cleans out a load of spyware, it does point to (as some of the slashdot posters suggested) having been written by a competing spyware firm and they want to get rid of the opposition. Unlikely someone's doing it for a good reason given the other effects the worm has.
 

Formash

Fledgling Freddie
Joined
Jan 7, 2004
Messages
482
Draylor said:
And that's relevant how?

Or is this now a penis waving contest?

Last comment from me : My point was : Most large companies still have Windows 2000 servers and end-users running 2k professional, as well as Win xp users.

and why would i want to wave my penis about? ahh ofc.. the penis mightier than the sword.

I'm only giving information to people, from the point of view of a company that got hit hard.. christ even Microsoft was hit...(so a friend told me, who works there) guess that wasn't clear in my previous posts.
 

rynnor

Rockhound
Moderator
Joined
Dec 26, 2003
Messages
9,353
I work for a Global company that was riddled with the virus - tens of thousands of users were affected and we were still sorting it out today - the costs throughout the entire company would be in the millions if not tens of millions - luckily we managed to keep it out of the press tho...
 

`mongoose

One of Freddy's beloved
Joined
Jan 9, 2004
Messages
957
'Lo all

I was lucky - only one of our outreach centres got hit. The problem with these sorts of exploits is that some IT fellas don't patch them anyway thinking that the firewall will protect them. Then that guy who works from home comes in with his laptop and their network goes ballistic as the worm runs rampant.

Whilst I agree that the number of hoax virus alerts that exist do result in people ignoring them, ignoring the Zotob.D worm as it now is would not be a good idea.

Personally, I patch as many vulnerabilities as I can. 1 less hole is 1 less fuckup waiting to happen imo.

M
 

Draylor

Part of the furniture
Joined
Dec 23, 2003
Messages
2,591
`mongoose said:
I was lucky - only one of our outreach centres got hit. The problem with these sorts of exploits is that some IT fellas don't patch them anyway thinking that the firewall will protect them. Then that guy who works from home comes in with his laptop and their network goes ballistic as the worm runs rampant.
2 problems there

1. Any admin doing that needs fired.
2. Any company with policies that allow unpatched, unfirewalled, laptops (that clearly don't even have working antivirus software) to be used in that way is a disaster waiting to happen.

Any company having major problems as a result of this needs to take a good look at their IT admin staff and/or their policies. This wasn't something unexpected, or anything clever. Just another bog-standard run of the mill worm that should have caused no problem at all to any semi-competently run network.
 

Athan

Resident Freddy
Joined
Dec 24, 2003
Messages
1,063
Your problem Draylor is you expect too much of people (note, I'm of the same opinions as yourself about what people SHOULD do and how secure things SHOULD be, but reality is far removed from this).

Just admit that people are more stupid than you thought and that in hindsight your initial "nothing to worry about" assessment was flawed.

-Ath
 

SAS

Can't get enough of FH
Joined
Dec 23, 2003
Messages
1,004
Postal company I work for got hit badly by it for a few days. Network across the country was down :(.

Sorted now but it caused some headaches.
 

Draylor

Part of the furniture
Joined
Dec 23, 2003
Messages
2,591
Athan said:
Just admit that people are more stupid than you thought and that in hindsight your initial "nothing to worry about" assessment was flawed.
It wasn't when taken in context. This isn't a 'teach clueless admins how to do their job' site, for folks' home systems etc this was a non-issue.

I also rarely underestimate people's stupidity. If anything I overestimate it at times :p
 

`mongoose

One of Freddy's beloved
Joined
Jan 9, 2004
Messages
957
Draylor said:
2 problems there

1. Any admin doing that needs fired.
2. Any company with policies that allow unpatched, unfirewalled, laptops (that clearly don't even have working antivirus software) to be used in that way is a disaster waiting to happen.

Any company having major problems as a result of this needs to take a good look at their IT admin staff and/or their policies. This wasn't something unexpected, or anything clever. Just another bog-standard run of the mill worm that should have caused no problem at all to any semi-competently run network.

Given that

a) the company director knows the importance of good infrastructure
b) is lucky enough to have hired a competent administrator/manager
c) has that sort of control over the network

We spend a lot on securing our network but to lock down every point on a LAN to prevent unauthorised access is something that, tbh, isn't going to happen without a hell of a lot more investment.

Everyone knows the case studies and the importance of it, having the resource to do it is an entirely different kettle of fish. Whilst a member of staff connecting their unpatched virus riddled PC to the network may be a sackable offence, when was the last time you saw it happen?

Finally, whilst it might be a bog standard run of the mill worm, the release of the virus pending the vulnerability alert was impressively quick.

As I said it didn't hit us bar killing one dodgy old pc in an outreach centre that's closed for the summer, no big deal... knowing the challenges facing many other education institutions tho, I wouldn't be surprised if some of them have it and still don't know.

M
 

babs

Can't get enough of FH
Joined
Dec 30, 2003
Messages
1,595
It's also quite common practice to NOT patch as soon as a patch is available, especially when you require antiquated/obscure hardware and software running at a server level. We for example do update and keep secure, but never just jump into a patch until we're sure of what it's going to impact. And yes, occasionally they do break things.

As everyone's already said, ideal world != sysadmin's world. Most places don't want to spend anything until it's too late.

It's not just home users and network admins who are potentially affected with these sorts of things either, SMEs (more often than not clueless) have a HUGE headache with these sorts of things (and ergo so do I ;))
 

rynnor

Rockhound
Moderator
Joined
Dec 26, 2003
Messages
9,353
Since this last virus the company are now forcing down updates to all the network repeatedly over the next few days but even this will cost a few million in lost time - security is always a balance between opposing demands.
 
