Web Worm Attacks Windows, Spreads Fast, Experts Say

SAN FRANCISCO (Reuters)

An Internet worm that takes advantage of a recently discovered, widespread security hole in Microsoft Corp.'s Windows software emerged around the United States on Monday, crashing systems and spreading to vulnerable computers, security experts said.

The worm, dubbed LoveSan, Blaster, or MSBlaster, exploits a vulnerability in the Distributed Component Object service that is hosted by a Remote Procedure Call feature in Windows 2000 and Windows XP that lets computers share files, among other activities. -

The worm contains code that includes a phrase: "Billy Gates why do you make this possible? Stop making money and fix your software!!," according to SANS.

Anti-virus provider Network Associates rated it a medium risk for consumers and corporate computer users, while rival Symantec Corp. rated it a high risk for distribution and a low risk for damage. -

Mine showed-up at around 4pm yesterday. I went to bed, woke-up at 3am, and fought to patch and clean the system for about two and a half hours. This one's a real pain in the @ss.

http://www.zonelabs.com/store/content/company/zap_za_grid.jsp

How about a nice anti-virus program?
http://www.symantecstore.com/dr/v2/ec_Main.Entry?SP=10007&SID=27674&CID=0&DSP=0&CUR=840&CACHE_ID=0
http://us.mcafee.com/default.asp


Way too many people are running naked through the brambles.

For the unclued....
http://www.symantec.com/

In the last couple of weeks, my firewall has blocked many thousands of probes to RPC ports. Port 135, in particular, is a very popular port for probes I've gotten from IP addys all over the planet.

Here's a typical log entry (IP munged):
2003/08/12 9:00:25 AM GMT -0400: 3Com EtherLink 10..<0002> Blocking incoming TCP: src=69.9.199.233, dst=69.14.*.*, sport=4774, dport=135.

I thought cox.net had started blocking port 135 traffic but there was another flurry of it this morning.

Any Windows user who uses a dedicated Internet connection and doesn't at least have ZoneAlarm or the built-in firewall that comes with XP, and who doesn't keep up with all of the patches, is asking for trouble.

http://windowsupdate.microsoft.com

... the "cure" is worse than the problem. I would never, ever agree with (or patronize) any ISP that blocks ports, either incoming or outgoing.

All of the high-speed connections available in my neighborhood block port 80 and NetBIOS traffic at a minimum. I think it's a ripoff and a chickenshit way to reduce bandwidth utilization, but it does protect a lot of naive people from exposing themselves to the hazards of the raw Internet.

Why do they block http?

Or is this only blocking outbound port 80 (which owuld keep people from using bandwidth on a personal web server)?

Port 80's blocked 'cause your terms of service with most
broadband providers prevent you from running servers (including
HTTP servers).

I know ComCast "polls" to see that I'm not doing so; my firewall
keeps me in compliance with their ToS.

Atlant

No servers and supposedly only one box connected. My current couter is configured to even spoof the MAC address and name of the box I originally connected to the cable modem.

No outbound http. I understand where you're coming from now.

I can connect 4 machines on mine and it looks like one IP address on one MAC address to the ISP.

And it's also an 802.11g wireless access point. I will quite often be doing work in the evenings on my laptop while sitting on the couch. No wires attached.

Of course, I run WEP with 128 bit encryption, don't advertise my SSID, altered my admin password before doing anything else, and have a MAC address listing for those network devices allowed to connect to the access point.

Yeah, I know that's not enough security to completely thwart any attempt to get into my home network, but it should be enough to convince the average war driver to head down the street and find another wireless network.

126 proxy-served nodes or thereabouts.

but could easily alter the address space. It's currently set up as a class C, but I could do just about any address range in the private IP space of 10.x.x.x

Not to mention setting up a dual homed box as a router to add additional boxes into the mix. ;)

Most have been IP addresses from within our university network although I keep getting alot from some place in Miami. I live on an international floor, with many South Korean and Japanese kids, so I'd be willing to bet that it came from someone in Asia and is working it's way through our network. Either way, yesterday, the internet slowed to a crawl across campus.

Hey, just got two while I was typing this! Everyone, at the very least, download the free ZoneAlarm.

Lots of operating systems are immune from essentially all of
these viruses.

One family of "operating systems" (and I use the term loosely)
is susceptible to essentially ALL of these viruses.

Just stop running the disease-ridden pile of crap and your
virus problems will be behind you.

Atlant

Atlant, don't take this personally but your statement reeks of upper middle class white techno-geek snobbery. Not everyone has the technical aptitude to deal with Linux, and not everyone has the bucks to afford a Macintosh.

On edit: It's funny, but before I read your other replies here I couldn't tell whether you were a Linux geek or a Mac weenie. Both look down their noses at us "poor helpless" Windows users, yet the two aforementioned groups are diametrically opposed in their technical aptitude. When you need to debug something on a Linux box you really have to know what you're doing. On a Mac you have to trust the OS to fix it for you otherwise you have a boat anchor.

Please start your own anti-Windows thread if you must snub the most popular OS in the world. Some people here are innocent newbies seeking help and advice. They don't need your incessant put-downs.

Quite honestly, it's simply not true that Macs are a lot more
expensive than a SIMILARLY CONFIGURED, NAME-BRAND
Windows system. The difference varies from a few dollars
IN THE MAC'S FAVOR to a few hundred dollars in the
Windows system's favor (and the difference shifts constantly
as newer systems are released and the price of older systems
is cut to clear them out of inventory).

And when you add the cost of data loss and the fact that
the Mac system will often be productive much longer than
the Windows system, the Mac is often far, far cheaper to
own.

(NB: This comparison does not apply to people who build
their own "White-Box" Windows systems. As far as I'm
concerned, these people are better thought-of as
"computer hobbyists" than computer users. They're
much more akin to Amateur Radio enthusiasts.)

I need to USE my computers, not screw around
with them. So I run MacOS/X.

It's that simple.

Atlant

it'd be more interesting for hackers to attack 'em.

> besides, if Linux & MAC had a wider installed base, it'd be more
> interesting for hackers to attack 'em.

It wouldn't matter. As I've mentioned (more than once),
there are technical differences in the Unix-based
operating systems that render them inherently less-
vulnerable to attack.

Atlant

A poorly configured UNIX System is almost as unsecure as a poorly configured Windows one.
Although there are few UNIX viruses right now, there will be more in the future.
More software, standardization and a growing user base will lead to more attacks on UNIX systems.

> Although there are few UNIX viruses right now, there will be more in
> the future. More software, standardization and a growing user base
> will lead to more attacks on UNIX systems.

People have been promising this since Linux hit the scene.
"Oh, just wait; it's just that the virus writers write for
the platforms with the most marketshare!"

Yeah, and the fact that the indows platforms are veritable
Swiss Cheese that any script kiddie can hack has nothing to
do with it.

There are fundamental differences between Windows and Unix
(and OS/X, Linux, VMS, MVS, etc.) that make it really, really
hard to write powerful viruses, worms, and trojans for those
other platforms. Most of the stupid "buffer-overflow" exploits
were made impossible years ago. Many of the exploits couldn't
work in the first case (because you simply can't EVER
execute code from the stack on many of these systems).

I'll believe in the flood of Unix viruses when I see it.

Atlant

Just to get the Linux snobs to pipe down.

We have 2 machines here that run Linux. The pain and suffering I've seen their "tender" go through trying to get them up and functioning is more than I care to go through with my home machines just so I can sit there and go "Screw you, Mr. Gates. you didn't make any money off *ME* today!"

> I wish the script-kiddies WOULD start writing UNIX virii...

You missed my point in another posting. The script-kiddies
CAN'T translate most Windows viruses to Unix (etc.)
because Unix simply isn't designed to be a Swiss Cheese.
Unix has a real file system, real multi-user protection, real
memory protection, many Unixes prevent stack-overflow/buffer-
overflow exploits IN HARDWARE, etc.

Unix (etc.) was designed to be secure.

Windows was designed to allow you a great deal of ease doing a
whole lot of this-program-controls-that-program stuff. And
that's why Windows can NEVER be locked down without
redesigning essentially ALL of the software.

Windows provides the script-kiddies with a ready-made hacking
toolkit; Unix (etc.) doesn't. And both do so/don't do so by
their original design goals.

Believe me; this is something I know about very well. I
know the principal architect of Windows/NT and I
used to develop software for the operating system group
he once managed that developed VMS, an operating system
that may well have been the world's best operating system
in its day. Nowadays, I'm just a mere Solaris hacker, but
I still know a thing or two about operating system design
(and mis-design).

Atlant

... I follow your arguments 100%. Unfortunately, many (most?) of us
are constrained by our company's choice of OS vendor and as the company
choices are made by the Financial Director (or one of their junior
bean-counters), it almost always trickles down to the good old
cheap'n'nasty from Seattle. (Yes, I know about firewalls too.)

The script kiddies cannot make a virus on other platforms due to the
inherently secure architecture of (almost) every other platform.
What they can do (and have done) is create worms (like the one that
is the subject of this thread), trojans and downright malicious code.
As long as the systems are highly priced servers (Sparc, Alpha) that
live in secured areas, tended by specialists, then the chance of an
accidental infection is minimal. Once Linux becomes a low maintenance
easy to install O/S then the risks will increase as the user will be
less of an enthusiast, less skilled and more vulnerable.

I used to debug VMS device drivers in a different life (graphics)
before moving onto Unix variants then comms then databases and am now
watching my career expectations evaporate on a weekly basis.

Nihil

> I used to debug VMS device drivers in a different life (graphics)

Small world -- I used to write VMS device drivers. :-)

See the code in SYS$EXAMPLES: DQDRIVER.C (of which older versions
are also posted out on the web).

Atlant

W32.Winux
http://www.cnn.com/2001/TECH/internet/03/28/virus.winux.02/

Linux.Slapper.Worm (Buffer Overflow)
http://securityresponse.symantec.com/avcenter/venc/data/linux.slapper.worm.html

RST.b
http://www.itweb.co.za/sections/internet/2002/0201071045.asp

Adore worm
http://news.com.com/2100-1001-255283.html?legacy=cnet

There are plenty more. The reason you are not seeing a "flood" of LINUX viruses is due to the fact that the installed base is still relatively small. The Windows bashing is pure BS. I'll bet you are a former Windows user yourself. All of you LINUX users out there sound like ex-smokers. Give the LINUX preaching a rest, it is simply not ready for prime time when it comes to usability and it is no more secure then Windows. I have been using Windows since the days of 3.1 and have never had a virus, trojan, spyware infestation or any other system compromise.

Jay

Referring just to my own work and home desktop machines (I've done planty of virus cleanup on other peoples' systems).

At the moment I put a suspect floppy disk into the A: drive of my PC at Andersen Consulting where I was a sysadmin, the power went out in our building. I had to rush down a flight of stairs to a server room to gracefully down some oddball systems before the UPS battery went out. But the power came back on right away. My desktop booted on the floppy and picked up a boot sector virus.

I fixed it with my magic DOS 6.2 boot disk with the following commands in its autoexec.bat file:

FDISK /MBR
SYS C:

That sequence cured almost all virus problems in those Windows 3.1 days.

to update 15 PC's and 3 servers to the latest version of our anti-virus software and close all of the ports on our firewall that are used by the virus. It is all about preparation and a small amount of knowledge. I wonder how many MS$ users have a permanent Windows System Update globe in their system tray patiently waiting for them to harden their OS?

Jay

(It IS my job.)

Even ones with Automatic Update need to be checked now and then. We do not have auto update on our development servers, just in case one of the critical patches causes a malfunction.

against MS$... their patches, often enough, break two things for every one they fix. That’s just an example of the right hand not knowing what the left is doing when it comes to development though. It's too bad MS doesn't have a rudimentary virus scanner built into Windows. I'm not sure they ever will either, as soon as they did McAfee of Symantec would sue over anti-trust issues.

Jay

Change the boot sequence to c:, a:, cd etc.

When you specifically need floppy or cd boot, change accordingly.

C: will almost always work, but when you see it trying for a:, you know you face grief.

It was a Micro Channel bus IBM PS/2.

I have a small home network that supports my various consulting efforts. I don't have the option of not running Windows, in various incarnations, to support my clients and on-going development.

I use a Siemens firewall/router, and run systems with Win2K, WinXP, SuSE Linux, TurboLinux, WinXP over VMWare on a Linux system, and an old 286 running Win95 (barely). I'd have Novell up if I had another machine to put it on.

No problems with MSBlaster so far, but I'm current on updates. But don't think that the whole world can change just because you think it's a Good Idea.

Would I be reading it if I had a Windoze machine?

Both Windows and Linux plus a couple of OpenBSD-based firewalls and load balancing boxes, an old Novell server, and a Cisco router. I'm also browsing and posting on Usenet, reading my email, and participating in multiple other Web-based discussions. All on Windows 2000.

If I was using a Mac I would not be able to do all of these tasks.

> If I was using a Mac I would not be able to do all of these tasks.

Why not?

Atlant

Specifically Windows Terminal Services. I'd also need a true remote console application like PCAnywhere or even VNC.

Most of the production servers I control run Windows.

And don't tell me to convert my company's whole friggin' server farm to Macs. We have several million dollars worth of custom software that would have to be rewritten from the ground up. It's not an option.

> Specifically Windows Terminal Services.

Aparently, this is available.

http://www.google.com/search?hl=en&ie=ISO-8859-1&q=%22Windows+Terminal+Services%22+Macintosh


or even VNC:

http://www.google.com/search?q=VNC+Macintosh&hl=en&lr=&ie=ISO-8859-1


PCanywhere, I don't know about; perhaps not.


Really, people put up with endless Microsoft pain apparently
on the ASSUMPTION that there aren't any alternatives.

Atlant


Joke:

Q: What do you get if you put a bomb inside your Windows system?

A: PCeverywhere.

Now for a harder question:

Got an enterprise-level database server, or am I stuck using the hideous FileMaker or a Mac client for Oracle or SQL Server?

...like OpenBase, FrontBase, etc... Plus the open source ones, like MySQL, Postgres, etc...

I tried out the Oracle dev release, and the Sybase beta blew it away out of the box (but I hadn't done any 'tuning' on the Oracle configuration).

BTW, I use VNC client on OSX to set up Crystal reports on a Windows machine. Works fine, but is a little bit slower than 'being there' (but, it's not like it's a 3D game or anything...so who cares).

Mac OS X is much closer technically to BSD Un*x than Mac OS 9, so most of the BSD stuff is also available on OS X. (for XWindows, use Apple's X11 server...it's free, and it's fast).

In fact you could run that whole shebang a lot more effectively on a Mac, esp if it was on a new G5 or a G4. Get over your Bill Gates fixation, his software is nothing but a POS. I know several IT pros who run large, multi platform networks on nothing but Macs. And damn, they don't have to worry about viruses and backdoors that Gates builds in.

Another knee-jerk Mac cheerleader.

FYI I am running multiple suites of Windows 2000/SQL Server 2000 applications and multiple suites of Linux/Apache/MySQL applications. I'm talking about over 100 machines counting development and QA environments.

Yeah, sure, I'll just port the whole thing over to a couple of G5s over my lunch break.

:freak:

But I have a friend who is, and quite frankly he is running the whole network(est. 200 computers)for a small college off of a couple of Mac G4 servers(yes, G4s aren't just desktop machines) using OSX for servers. This includes computer labs, networking to the dorms, desktop Wintel boxes, the whole "shebang". It is possible(though not over your lunch), and quite frankly a better long term investment than using Wintel servers, for there is much more stability with less downtime and maintenence.

Sorry, I'm a layman describing this, there is no need to be snippy. I assume you are an intelligent person, tell you what, describe to me how a nuclear reactor works(I work at one) and I can laugh and get snippy at your language, what do you think?

Sorry, I did not mean to be snippy. Apple Computer was in the wrong condition at the wrong time to have been a viable candidate for our main Internet server platform.

Our initial attempt at a product offering ran on the Apple Set-Top Box, a device that was supposed to evolve toward "convergence" between a television set and a fully functional computer. The year was 1993 (I started in 1996). Our first and still flagship product is based on CD-ROM and aimed at kids from grades K-6.

When it became apparent that the Set-Top Box was headed for extinction we changed gears and ported all of our software to run on desktop computers. Because it relied on full-screen, full-motion video a hardware MPEG decoder was needed to make it run. So we ported the code to run on first Macintosh computers then on PCs. Then a funny series of events happened: Apple damn near went bankrupt and even lost share in its traditional "safe" market, schools.

In its scramble to recover Apple changed hardware platforms twice - First to the NuBus (sp?) then to PCI in rapid succession. Along the way they failed to provide a flexible way to decode MPEG videos or any other format to which we could have ported our software. Apple failed to address our needs while Microsoft developed software MPEG decoding just as machines were getting fast enough to handle it. That was toward the end of 1997. The process took about a year to complete. And to avoid relying on a single platform and for other reasons we also ported our code to Sony PlayStation.

So there we were with software that ran decently on PCs and PlayStations but not on anything made by Apple. The only way a Mac would fit our needs was as a TV monitor. We shipped a lot of Video In cards to beta customers.

Meanwhile, back at the office, management became convinced that we needed at the very least a presence on the Internet. That was still the upswing of the Dot Com era. So after an analysis of platforms available at that time we produced some content and tools and other resources. We went through a few gyrations of course: Netscape server, then Java, looked at some Unix flavors, Alpha servers, etc. and finally settled on essentially an all Microsoft suite: Visual Basic, C++, SQL Server, etc. Apple Computer was still in such a mess and was so lacking in development systems that integrated into what we required that avoiding it altogether seemed like the right thing to do. We very quickly built up an Internet server and database infrastructure capable of supporting millions of customers. And maybe some day they will come. :shrug:

Even in our somewhat distressed state our servers, including Linux-based applications that we acquired when we bought a couple of other companies, get hundreds of thousands of hits per day.

We still support Macs, but only as Web clients and internal development machines for graphic artists and audio engineers. People who use them love them to death. When we QA our Internet sites they all have to run properly on Mac clients or they don't ship.

Frankly I don't give a hoot what kind of machine or what OS anyone prefers to use. I am way into Windows because I get paid well to support Windows servers and applications. A lot of the knowledge you gain on any platform applies to all platforms - How to structure a database, writing SQL, managing files, backing up systems, etc. I would not be so quick to say that Mac G4 servers are inherently better as investments than Wintel. We used some for a while for FileMaker Pro databases, file and print services, etc. and have abandoned them in favor of Network Attached Storage, Storage Area Networks, and Windows servers. Our experience with Mac servers was that they have downtime and require about the same amount of maintenance as a comparable Windows machine.

I don't know very much about how a real nuclear plant works, but I did watch The China Syndrome the other night.

Haven't seen it in a long while, but I do remember it was a bit sketchy on the nuts and bolts of a nuke plant's operation.
The one I work at is a small research reactor, we kick out cancer treatments for patients worldwide. So if you ever get the Big C, you know who to talk to;)

Understand why you went with Windows, Apple did nearly die in the mid-90s, the years before the second coming of Jobs were pretty dark, I was even wondering if I was going to get stranded with an orphaned machine. I don't blame you for going with Windows machines. But give Apple a thought the next time your company decides to go with a major rework of your network. Then as the Mac get more popular we can start seeing viruses written for it and know that the day of the Apple has arrived:)

on SNL

along with the Army to provide them with Windows XP and Office..:eyes: Oh yeah, that helps me feel alot more secure :argh:

Thank god I use an imac with Mac OS X :bounce:

http://story.news.yahoo.com/news?tmpl=story&cid=528&ncid=528&e=3&u=/ap/20030811/ap_on_hi_te/internet_attack

good links down the bottom of the article

Network Associates: http://vil.nai.com/vil/content/v_100547.htm

Symantec: www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

Microsoft warning: www.microsoft.com/security/security_bulletins/ms03-026.asp

Government warning: www.nipc.gov/warnings/advisories/2003/Potential7302003.htm

Three steps:

1. Re-format your hard disk drives.
   
   
2. Sell your computer.
   
   
3. Buy a Mac.
   
   

You'll probably never need to worry about viruses again
(except maybe Word and Excel "macro" viruses, but Microsoft
seems to have plugged at least that one security hole).

Atlant

As my company's office manager/ full-charge bookkeeper I use Quickbooks, Quicken and Excel. Everyone else here is on Macs for the desktop publishing we do to write our newsletter.

I have seen and used Mac's versions of all 3 of my critical programs extensively and they are all vastly inferior to the ones on my Windoze machine. I have the only PC in the office.

I won't switch until the Mac versions of all my programs are as good as the PC versions of them.

I would love to get rid of Windows as my operating system is of minor importance to me on a daily basis. I absolutely do not care about my OS but I can't do my job without my apps that need it to run.

I can't speak to Quicken or Quickbooks, but Excel pretty much
has "feature parity" between Windows and Macintosh (at least
if you're running a current version).

I routinely interchange spreadsheets between my Win2K system
and my Macs running OfficeX.

(And I think I heard that Quicken is about to be rev'ed for better
feature-parity, but I never touch the stuff.)

Atlant

I've been with Excel since the 80s with every version on both platforms and in every job I've had I've always been the resident Excel Guru.

Everyone in the office now who has Excel on their Macs always asks me how to do something/where is a certain feature, and it's always a chore to try to find in the Mac version how to do something that is easily found in the Win version, if it's there at all.

I hate Windoze, but I'm stuck with it until Linux works with Quicken, Quickbooks and Excel or unless I change careers and go to beauty school or something. But I don't hate Windoze that much yet. :)

The only decent spreadsheet available for the PC/XT in 1988 (?) was Lotus 1-2-3 version 2.0 which in its hideous 4-color CGA text SUCKED THE BIG ONE compared to Excel on a monochrome Macintosh SE. The Mac machines really did seem to be light-years ahead of the PCs at the time.

Maybe you're just more-used to the Windows version.
I have no trouble finding the features on either.

You are speaking of the current version of Excel/Mac,
right?

Atlant

Quick Books is okay but quicken is just a personal money managing program that has no place in business. I use Quick Books and it has many bugs I wish it didn't. Try eliminating an item or customer without eliminating every single transaction they were ever involved with.

And the company and payroll are in Quickbooks, and all my boss' checking and investment accounts in Quicken.

The virus kills the reformat process halfway through.

Best tongue-in-cheek reply of the thread.

At least, I hope William is joking.

You cannot reformat. The process is killed by the worm.

Is the format being done to the system disk while the OS is running? If so the virus would have little to nothing to do with the format stopping. If the format is being run from a boot disk it would be nigh impossible for the virus to stop it because it is a Windows exploit, not a DOS exploit. If the format is being run from a boot disk try this before the format.

from the command prompt

fdisk /mbr -enter-


Jay

The command prompt in Windows 2000, Windows Server 2003, and Windows XP is not DOS.

The worm does nto allow these commands, nor does it allow for windows update to be run. Also, from what I've heard, it does not even allow virus scan engines to work.

How is a format, performed from within the OS, of the system partition ever going to complete? You are trying to format the drive that runs your PC while it is running. You need to boot with a DOS boot disk or NT-derivative startup disk to format the system disk of a single OS PC.

Jay

-Edited For Content-

Best bet is to fix it with the Symantec fix, install the patch and be done with it.

Jay

If you really want to convert to Linux you need only boot from a Linux boot diskette and root diskette.

:grr:

Hope u didn't lose any of your writings.

4: repurchase $10,000 worth of software and peripherals. explain to accounting why two hours of your time fixing a virus (for which Symantec and Microsoft have had solutions since this morning, 12 hours after it was circulated) is worth $10,000 worth of new software, since your old versions are no longer compatible.

By the way, have you ever tried to print off a powerbook on a foreign (literally, in Spain) network? We had the tech guru from the Foreign Ministry in Madrid working on it. didn't work. oh, so let's remember to add "buy travel printers for all staff" and "reformat all old files to ensure compatibility"

ohh, that is a time and money saver, ain't it?

Look, I have a mac at home. But switching over the three computers in my office alone to Macs would cost us $10,000 at least. get off your macintrash high horse.

If you think you'll spend $10,000 on software for your
new Mac, you're either smoking something or using the
wrong software vendor.

Hints:

"Cross-grades" -- at least some of your vendors will sell
you inexpensively the Mac version of your currently-licensed
Windows software. Your software IS licensed, right?

Built-in software -- The Mac comes pretty-well equipted from
the factory with the basic tools for photo, audio, and video
editing, DVD authoring; many people don't need to buy anything
else!

But even if you're buying the high-priced software, it's
pretty damned hard to spend $10,000 when Photoshop brand
new is something like $600 and the entire Macromedia "MX"
suite is something like $1,000.

And peripherals? Forget about spending money; just move
your existing peripherals. Since the advent of USB and
Firewire, there are very few peripherals that are Mac-
specific.

And if you're already in the multi-thousand dollar price
band, you OF COURSE already have networked Postscript
printers, so there's no issue there.

Perhaps you need to spend some time cruising the Mac
catalogs and vendor sites; your Mac knowledge seems to
be dated.

Atlant

to donate that kind of cash to my small non-profit (I'll need ten desktops, ten laptops (we all travel a lot), new printers (5 laser, 5 inkjet)(unless you can tell me how to jam a serial cable into a mac) new software licenses for Office suite (X20), photoshop (X5), dreamweaver (X5), our database ($5,000 right there), Quickbooks, Publisher (X5)

If you think you can do that under $10,000, you let me know.

Your original posting made it sound like you were discussing
the software cost PER MACHINE (as I was discussing the
hardware cost PER MACHINE in my earlier posting).

I see that you're discussing 20 machines, so that's really
only $500/machine.

You never know; even at a non-profit, it might pay back
in increased productivity and decreased support costs.
And, of course, you've consulted the vendors soliciting
donations and reduced prices given your 501(c)3 status,
right?


> Serial printers

Tres drol! You really must be operating on the cheap.
Too bad Windows isn't really cheap in the long run!


> 5 inkjet

You may also find one networked color-capable laser
printer now costs a lot less to run than 5 indvidual
inkjet printers. Plus, it will work with computers
of all architectures.


Atlant

the only problem is that we are not physically in the same place. So it makes it difficult to have one printer (not cost effective if I have to take the metro or fly across the country to get my printouts, let alone a flight to Paris.) This is the first worm that has actually bothered us in over a year, we pay for virus protection (which we would do anyway)

Of course we don't pay sales tax due to our 501c3 status, but we are unable to accept grants from corporations under our bylaws...

do you wear a helmet when you type?

:) jk

> you're a mac user? do you wear a helmet when you type?

Actually, I'm a Mac, Solaris, Linux, and Windows (currently, 98SE,
NT5, 2000, and XP) user, and I used to be a VMS user (along with
essentially every other DEC operating system).

I develop systems-level (networking) code on Solaris and used to
write device drivers and other system-level code for VMS. See
SYS$EXAMPLES: DQDRIVER.C .

Which of those systems require helmets? And on what appendage must
I put it/them?

If you're implying that Macs crash a lot, your information
is sorely out of date. MacOS/X (based on FreeBSD) is very,
very stable.

Atlant

Not on my main laptop here - but my back-up one. It started with me trying to install Norton AV 2003 and now I cannot connect to the net but the old laptop still works - has Win 2000 pro on it and I cannot get into DOS either to reformat it.

Totally sucks - not sure if its this virus thing or something else going on. In any event, I'm screwed it seems and the old laptop isn't worth messing with to fix. :( :( :(

It was really scary my dad thought it was my fault.

Some seconds after you connect to internet a popup box would come saying

"the dhcp server did so the remote procedure call has been terminated.
close all your programs windows will restar in 59 seconds"

But i went to trends online anti virus and it found a worm and it s working good now.

Oh yeah it finds the worm "msblast" in the initial scan so it managed to do this before the 59 seconds were up hehe.

I first went to the page.. dragged it to my desktop (the link) and the computer restarted.. then asson as i could clicked the link and cleaned.


Apparently windows has a fix for this so it was really my fault for not gettin it.

Windows builds an OS with holes you can fly an Airbus through and it's your fault for not getting the patch??? That assumption is itself a Microsoft virus--the mother of all Microsoft viruses, you could say.

Consider it a valuable lesson. Keep current on the Windows updates and get a firewall running.

> Consider it a valuable lesson. Keep current on the Windows updates
> and get a firewall running.

That way you'll only get *TODAY'S* new viruses. Oh, and those
viruses where Microsoft's first attempt (second attempt, etc.)
at a patch "didn't take".

Oh, and try to ignore those days where Microsoft's first attempt
at a patch trashes your system.

On second thought, maybe you'd better not be the first one on
your block to install today's latest-and-greatest Microsoft
"patch".

Atlant

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp


This will fix the vulnerability.


more info on the worm:

http://www.theregister.co.uk/content/56/32286.html

windows 98, you're ok?

I'm not sure windows98 has the DCOM stuff necessary for the worm to function. just speculating there, though.

:D

Those who refuse to use the UNIX o.s. (and its offspring) are doomed to reinvent it.

Waiting for my son to wake up and fix this. I had to turn on in safe mode - tried going to windowsupdate.com and it's busy, busy

worms, yuck

do it yourself! :D

all by my self. I was waiting on son, because he knows much more than I do, worms, virus, fire walls - it's a geek to me.

Even businesses like mine that have avoided getting hit have spent substantial money and resources preparing for the attack. Those who failed to heed the warnings are going to lose many millions of dollars cleaning up the mess. I hope whoever released it is caught and imprisoned for a long time.

Blatant abuse of monopolistic positions go virtually punishment free in the US, despite laws already on the books.

The old golden rule shines on: "those that have the gold make the rules"

Running Linux since 1998 on multiple servers and many desktops. Never encountered a virus, worm or trojan horse yet.

Worked on IBM server operating systems that ran virus free for decades.

Now the wealthiest corporation in the world (or close to it, based on market valuation) has been unable for decades to write a secure computing platform.

Gosh, I guess we just need more monopolies like that. When the users give up free thinking and creative endeavors and bow to the corporate gods, finally they can be virus free. Cheap labor automatons who never question why can be virus free. Just go to sleep a little longer.

I do sympathise with problems. I myself see industries that have their most vital software virtually chained to Microsoft products, with no real hope of alternatives for the day-to-day user. That is not a comfortable position to be in, and it just reinforces the fact that the M$ monopoly is larger than many understand it to be.

A suggestion: Use linux, mac os/x, and other alternatives on your personal machines and whenever you can. Change will come. The newest desktop distributions for linux are really easy to install and use.

Whatever you use, best of luck. Knowledge is power.

We need the internet and free information interchange to be free ourselves.

a new software package or a device driver, and what about those fonts? I get a kick out of all the LINUX users who think it is too much work to keep MS$ systems updated but it makes great sense to ditch MS$ altogether and spend months to years learning a new OS. If I were to migrate from MS$ OS's to LINUX my end users would have my head. How is it that Microsoft is able to maintain it's "monopoly" against a product that is essentially free?

Jay

corporations is not going to happen. Back in the day, IBM main frames were the rage in corporate envirnments. Microsoft based DOS and laters Windows boxes conencted via Novell networks and later Microsoft networking was the way to compete with the big boys because you spent lower amounts of money to have automated functionality.

In those days, I made good money installing and supporting these systems in small to medium sized companies, but larger companies would not even touch them. After time, there was a trained base of users capable of using these systems. They used them at home and were able to convert to using them in a work envirnment easily. After that, the large companies started adopting desktop systems and throwing out their main frame terminals.

Today, if I were back in my young days consulting mode, I would be pushing Linux based systems to the small and medium sized companies, from the server to the desktop. You cut costs and the learning curve is still cheaper than purchasing and maintaining Microsoft based systems. Given time, the trained employee base will know Linux.

Yeah, it'll take about five years, but standardization is everything for cost control in large envirnments, and if you have a trained employee pool to pick from, then the big boys will be willing to convert.

Right now, there are no Windows based machines in the corporate envirnment of Oracle. They run Linux on the desk top. Now tell me again how this is not possible?

to do with Microsoft’s status as a monopoly. I don't remember anyone running around screaming monopoly when they were forced to spend tens of thousands of dollars on a new IBM box because IBM decided that they were going stop all support of their current box. I agree with the rest of your comments however. If/when the LINUX community can pare down the number of distributions and address the issues I mentioned in my previous post then LINUX will be ready for the masses and lots of people will switch. Right now, IMHO, it is not. I could care less what people use on their PC's, I just wish people would layoff the OS demagoguery .

Jay

I prefer Linux and use it at home. I support Microsoft products and want them to keep up their poor development practices because they insure my job.

Just OS fanboys in general.

Jay

and their methods of market dominance. This kept a whole generation of lawyers in stretched limos from law review to retirement, IIRC.

if part of the attack did not constantly reboot machines, the internet would come to a screaching halt because there would be too much traffic and all wires would be staurated with worm related traffic.

Fortunately, the DCOM exploit this thing uses is related to remote reboots.

I fear for the next DCOM related exploit. I wonder if that is how the internet will be shut down when the final putsch comes.

Maybe I need to adjust this thing...

:tinfoilhat:

(Someday I'll learn to type!)

> I fear for the next DCOM related exploit. I wonder if that is how
> the internet will be shut down when the final putsch comes.
>
> Maybe I need to adjust this thing ... :tinfoilhat:

Walt, the really interesting question in my mind is:

How many viruses have circulated where the payload HAS NOT YET
GONE OFF? That is, how many viruses are out there, having
infected potentially zillions of machines, but they are simply
lying formant, waiting for some trigger?

(We know of some viruses that were intended to work this way,
but were mis-programmed so their payloads activated too soon.)

Depending on how careful the anti-virus vendors are (to
maintain and check their "trap" machines) versus how clever
the virus designers are (to avoid infecting those "trap"
machines), such a virus might arrive completely undetected
on hundreds of millions of computers worldwide.

Imagine a CIA- (DIA-, etc.) designed virus that now infects all
Windows machines and is just waiting for the signal to <whatver>.

Now, lets discuss viruses that have wormed their way into
Microsoft source code, perhaps via a corrupted human...

Atlant

I would have given up completely on the platform years ago.

At home, I am converting completely to Linux. I will end up with a single Windows box for my wife, but damn it, every other box at home will be Linux based.

I hate this crap, and I've been supporting Microsoft OSes for nearly two decades now.

you guys are adjusting your tin-foil hats for Windows but somehow expects Linux or Macs :puke: to be the savior. Its only a matter of time and usage before hackers find and expose the many weak points that are in those platforms as well.

Problem is, they are not nearly as damaging since the architectures are so different.

I'll take any *nix installation over Windows any day of the week and twice on Saturdays. Windows was designed to be user friendly, which makes it insecure.

Case in point: MacOS X. User friendly + Secure.

Different hardware platforms give us different approaches to operating systems.

I'll say it yet again: It isn't a question of "developing" viruses
for Unix (linux, etc.). Unix is fundamentally different than
Windows and many of the techniques that can infect Windows
are absolutely impossible to execute on Unix.

And Unix has been around since about 1970, so there's
been lots of time for the bugs to be worked out.

Atlant

My laptop has been rebooting all day. Toshiba is looking for a patch. I'm fucked until then.

:grr:

Go to Start >> Programs >> Accessories >> Command Prompt

At the console (i.e. Command Prompt) type:

shutdown /a

and hit return.

That aborts the shutdown command.

Then go to the following link >>

http://securityresponse.symantec.com/avcenter/FixBlast.exe

and download that executable. Run it and it will clean your machine

Do you have a friend with a firewall router connected to cable modem or DSL at their home or work? Consumer firewall router boxes cost around $50 now. My mom has one.

If you can plug in behind someone's firewall and get connected you should be able to get the patches downloaded at your leisure.

If you happen to be using Windows XP you should be able to turn on its own software firewall and block the traffic that causes the reboots.

Or you could always follow the friendly, constructive advice here and get a Mac or a Linux box. :eyes:

i found the patch right here (for XP). i downloaded it and the machine restarted before i could install it, and it interrupted the install process twice more with restarts until i took my wireless network card out of it... then i was able to keep it running long enough to install the patch, and it's been great since.

http://www.microsoft.com/downloads/details.aspx?FamilyID=2354406c-c5b6-44ac-9532-3de40f69c074&displaylang=en

edit: but after reading some of the other posts here, i'm also going to download the fix from symatec at http://securityresponse.symantec.com/avcenter/FixBlast.exe

Why did I even bother to read this thread....I feel so dumb.

First of all, applying the MS patch will not remove the worm. You must first remove the worm and then apply the patch to prevent future infections.

http://www.bigblackglasses.com/Article.aspx?Article=342

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

In order to accomplish anything you will first have to stop your computer from the constant shutdown and reboot. Do this first:

you can prevent your computer from shutting down by clicking Start / Run.
Type SHUTDOWN -A. Click OK.

I removed this worm from three machines since yesterday afternoon. It is a nasty little bugger but if you follow the instructions it can be removed and prevented from returning. If you are not comfortable in following the instructions for removal then get some help from someone that is.

Ed

Here is a step by step that may assist you further:


MSBlast Step by Step Removal Procedure for Home and Professional Users.


Step 1: Removal
Step 2: Secure Against Reinfection


Step 1: Removal:


1. Download and run the MSblast Removal Tool from Symantec:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html


4. Enable Internet Connection Firewall to keep re-infection from occurring.
To enable the Internet Connection Firewall in Windows:

Press Start\Control Panel, double-click Networking and Internet Connections,
and then click Network Connections.
Right-click the connection on which you would like to enable Internet
Connection Firewall, and then click Properties.
On the Advanced tab, click the box to select the option to Protect my
computer or network.
More information on this (if needed) http://support.microsoft.com/?id=283673

5. Reboot the computer.



Step 2: Secure Against Reinfection


1. Install the following Patch from Microsoft to protect your computer from
MSblast Worm/Virus and future variants:

This is the direct Download for the Windows XP Patch:
http://download.microsoft.com/download/9/8/b/98bcfad8-afbc-458f-aaee-b7a52a983f01/WindowsXP-KB823980-x86-ENU.exe


This is the download link for all other Microsoft Operating Systems:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp




Buz Brodin
MCSE NT4 / Win2K
Microsoft Enterprise Domain Support

We use Windows. Our system was infected around 10:30 last night, and we were unable to get it back up and running until early this afternoon.

Microsoft released a patch to protect against it over three weeks ago.

Yeah, they claim to test the patches, but that means nothing in the real world where you run applications that are not put out by Microsoft.

In small environments, I would say yes, shame on their administrators. In large environments, baloney! It takes time to test these things before you roll them out.

I do have to admit, though, if the system administrators did not start scrambling when this worm, the first to utilize this specific exploit, was announced last night, then yes, shame on them.

That's when I started scrambling. We've had two machines affected, both laptops that the users had connected to the internet via their cable modems at home last night. We've scrambled to roll out the patch because frankly, the risk to the network was too great not to, but prior to the identification of this worm in the wild the risk of applying the patch was simply too great.

The company I work for develops software products. For me to implement this patch in our network without a directly identified threat before testing with our entire product line would be irresponsible from a business standpoint. We must develop product and a patch that could affect that is not desirable unless the only other option is shutting down my network.

I often defer them for about a week so we have time to check them out on development and QA machines. The one for this worm seemed more urgent than most, so I accelerated the process and had the patch on all of our Windows servers within three days of its release.

Please allow me to gloat a little while occasionally glancing over my shoulder.

We took the sane approach of rolling the appropriate virus definition file to combat this specific worm, and slowly rolled out the patch as necessary.

Only infections were those people who were infected in outside organizations and brought it into our network. Not one machine was infected by the machines that brought it in.

i was off today but checked email from home and the emails were flying around from desktop Tech and eSecurity about the BlasterWorm and how to fix it. i went into a bank branch to make a deposit and they had to write it down because 'the computers were down' all day. I assume related to the worm.

I am amazed that a place with 20,000 + employees and billions of dollars being moved around every day suffered down time because of a Windows worm. Most of our heavy processing is on IBM mainframes so, of course, those were OK. Almost every one of the thousands of desktops is an IBM PC or laptop running 2000 or XP (with some 98's still around). But to be behind on updating the anti-virus software is baffling to me since we get a live update every day. At home my Norton Internet Security package kept my XP machine safe.

Sounds like someone was asleep at the wheel.

this got into our network where i work. my anti-virus did not catch it in time even though i had the newest update, because by the time it saw the worm, my system was already rebooting over and over. much excitement in the building and all around campus! i was very grateful not to be a computer person yesterday.

Where I work, our corporate firewalls stop all traffic on port 135 but we have people with laptops who use them both outside and inside of the corporate office. The patch released on July 16 is good. It works.

My mom just reported that http://windowsupdate.microsoft.com is completely swamped. She could not get in at all.

> My mom just reported that http://windowsupdate.microsoft.com is
> completely swamped. She could not get in at all.

Just FYI: ZDNet reports the worm is programmed to launch a DDOS
(Distributed Denial of Service) attack on the Microsoft website
on Saturday, so expect access to Microsoft to get worse before
it gets better.

Atlant

mY SERVICE PROVIDER GAVE ME A SHORT-CUT TO THEM AND i CAN NOW GET E-MAIL AND MSN>>>>DEMOCRATIC UNDERGROUND. tHE PITS. tHEY DON'T KNOW IF IT WAS THE WORM MAYBE ATTACKING THEIR SERVER.Sorry for the caps. I"M TOO TIRED TO CHANGE IT>

I can dial in and then IE won't launch. Is this an example of the virus? After I try to disconnect, the phone dial-up icon remains lit up. Cripes! :nuke:

everything was lost. Just got it back, cost 118 bucks to fix.

Was it this virus? I just ran a search on my other laptop for msblaster.exe and it came up with nothing. Hmmmm ...

May be another problem I am beginning to think now.

:dem:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

It's 165kb and can be run from a floppy or a Thumb Drive. Follow the isntructions on the page regarding the registry and you are back in business. Get a friend to download it if you've lost use of your main system.

Thank you. I'll try this download on to a floppy - maybe it will help. I think I may have accidently deleted some registry items while trying to be rid of Norton SystemWorks which was out of date and begging for a renewal.

shyte shyte shyte shyte again!! I like my little laptop!

:(

:dem:

In order to accomplish anything you will first have to stop your computer from the constant shutdown and reboot. Do this first:

you can prevent your computer from shutting down by clicking Start / Run.
Type SHUTDOWN -A. Click OK.

It boots up aok - it just fails to recognize IE when I launch it. I think I screwed it up by deleting Norton SystemWorks. :(

It doesn't have a built-in recovery like this other ThinkPad has but I do have a burned copy of Windows 2000 recovery. What does one do with this? If I put the CD of it in the CDR it doesn't look to boot to it and I am getting nowhere. I am now running the tool to fix it but I am not certain that I even have this as the problem now.

What a nightmare. This laptop cost me $700.00 used ... I guess you get what you pay for because it takes almost 5 mins. to boot up because it is so packed full of junk.

Gawwwwwwwddddddddddd ....... :(

:dem:

Thanks anyway! :)


On edit: Results of the 'tool' say W32. Blaster. Worm has not been found on your computer - seems I have a BIG problem.

Wiped that bug right off of my puter with the help of DU. Signed on, grabbed some info before the clock of death brought me down again. No more MSBlast for me. Thanks guys.

My mom, age 69:

- Protected herself against the worm with a home firewall and the Windows XP patches,

- Cleaned up the laptop of a family friend, a doctor, who got whacked by the worm,

- Is in the process of cleaning up other peoples' machines and teaching everyone how to stay safe.

Here's someone's report from "DefCon 0xB", the big hacking/cracking
convention that was held in Las Vegas last week:

http://www.linuxjournal.com//article.php?sid=7064

---

...

Def Con, of course, is the biggest and best annual hacker convention in the US. Def Cons take place in Las
Vegas, Nevada, and span a three-day weekend in early August or late July. The convention is attended by
thousands of information security professionals, hackers of all shapes and UNIX affiliations, law enforcement
officers both federal and not, and journalists both clueful and clueless. Def Con is part security convention, part
family reunion, part flea market and 100% party. This year's Def Con, the eleventh, didn't disappoint in the fun or
socializing departments, and it delivered pretty well on interesting ideas and discourse, too.

...

---

I especially liked this paragraph:

---

Two talks on Sunday stood out for Darth Elmo, possibly because both were given by longtime cohorts. The first
was "Locking Down Mac OS X", in which Jay Beale related his experiences and observations on porting his
important Bastille OS-hardening tool to Mac OS X. Mac OS X was much in evidence at Def Con: many, many
attendees and speakers were carrying iBooks and PowerBooks. Among the geek elite, the combination of cool
Apple hardware with the powerful, BSD-based OS X, has a strong appeal. Accordingly, Jay's talk was well
attended and enthusiastically received.

---

Note the operating system(s) that the hackers/crackers use!
And they use it for two reasons:

1. The Unix base that underlies MacOS/X gives them all the power,
   flexibility, and familiarity of the Unix environments that they're
   used to. It gives them ready access to a good C compiler as well
   as Perl and shell scripting, good telnet tools, etc.
   
   
2. MacOS/X isn't nearly as subject to cracking as the systems
   they're attacking and/or defending.
   
   

A word to the wise from the conference held by the "black hat" and "white hat" pros?

Atlant