#175657 - 18/08/2003 11:32
Viral Hell
|
carpal tunnel
Registered: 15/08/2000
Posts: 4859
Loc: New Jersey, USA
|
Greetings!
Is anyone else in viral hell at the moment? Pretty tame from NAI's perspective, but it is causing havoc in the office. (Not a small task, or small network.)
_________________________
Paul Grzelak 200GB with 48MB RAM, Illuminated Buttons and Digital Outputs
|
#175658 - 18/08/2003 12:02
Re: Viral Hell
[Re: pgrzelak]
|
pooh-bah
Registered: 20/01/2002
Posts: 2085
Loc: New Orleans, LA
|
Wait, its payload is WHAT?! It tries to patch your machine to protect it from getting the same virus again?!?! That just seems bizarre.
|
#175659 - 18/08/2003 12:04
Re: Viral Hell
[Re: pgrzelak]
|
pooh-bah
Registered: 15/01/2002
Posts: 1866
Loc: Austin
|
if it takes care of itself, what's the big deal?
|
#175660 - 18/08/2003 12:11
Re: Viral Hell
[Re: RobotCaleb]
|
old hand
Registered: 14/04/2002
Posts: 1172
Loc: Hants, UK
|
if it takes care of itself, what's the big deal?
The side effects:
As for the W32/Lovsan.worm, some systems may be in a “crash loop” where each time the system is restarted, SVCHOST.EXE crashes and the user has 60 seconds before the system restarts. This action can continue to happen even after the virus is removed if the patch is not applied.
Basically, the exploit might fail, leaving the patch unapplied and the system screwed.
Gareth
|
#175661 - 18/08/2003 12:12
Re: Viral Hell
[Re: g_attrill]
|
pooh-bah
Registered: 15/01/2002
Posts: 1866
Loc: Austin
|
yeah, that's a byproduct of installing Windows. no big deal, we're all used to it
:P
|
#175662 - 18/08/2003 12:22
Re: Viral Hell
[Re: RobotCaleb]
|
carpal tunnel
Registered: 15/08/2000
Posts: 4859
Loc: New Jersey, USA
|
The results are far worse, as the machine starts spamming your intranet with malformed ICMP packets and tests on port 135... Trust me, it can slow things down immensely...
_________________________
Paul Grzelak 200GB with 48MB RAM, Illuminated Buttons and Digital Outputs
|
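Added example (not part of any poster's message): one way to spot the behaviour described in the post above, an internal host sweeping many addresses with ICMP and TCP port 135, from flow records. The record layout, addresses, window and threshold are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict

def sample_flows():
    """Constructed records: (seconds, src, dst, proto, dst_port)."""
    flows = []
    for i in range(1, 41):   # infected host: ping, then probe 135, per address
        flows.append((i, "10.0.5.23", f"10.0.9.{i}", "icmp", None))
        flows.append((i, "10.0.5.23", f"10.0.9.{i}", "tcp", 135))
    for t, dst in ((3, "10.0.1.10"), (10, "10.0.1.10"), (20, "10.0.1.11")):
        flows.append((t, "10.0.5.40", dst, "tcp", 135))   # ordinary RPC client
    for i in range(1, 6):    # monitoring box pinging five servers
        flows.append((5 + i, "10.0.1.5", f"10.0.1.{10 + i}", "icmp", None))
    return flows

def find_sweepers(flows, window=60, threshold=20):
    """Return {src: {kind: peak}} where peak is the largest number of
    distinct destinations seen in any `window`-second span."""
    events = defaultdict(list)
    for ts, src, dst, proto, port in flows:
        if proto == "icmp":
            events[(src, "icmp")].append((ts, dst))
        elif proto == "tcp" and port == 135:
            events[(src, "tcp135")].append((ts, dst))
    hits = defaultdict(dict)
    for (src, kind), evs in events.items():
        evs.sort()
        seen = defaultdict(int)   # dst -> occurrences inside the window
        start = peak = 0
        for ts, dst in evs:
            seen[dst] += 1
            # drop events that have aged out of the sliding window
            while evs[start][0] <= ts - window:
                old = evs[start][1]
                seen[old] -= 1
                if seen[old] == 0:
                    del seen[old]
                start += 1
            peak = max(peak, len(seen))
        if peak >= threshold:
            hits[src][kind] = peak
    return dict(hits)

if __name__ == "__main__":
    for src, kinds in find_sweepers(sample_flows()).items():
        print(src, kinds)
```

Counting distinct destinations rather than packets keeps a busy client that talks to the same few servers out of the results.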
#175663 - 18/08/2003 12:28
Re: Viral Hell
[Re: pgrzelak]
|
pooh-bah
Registered: 20/01/2002
Posts: 2085
Loc: New Orleans, LA
|
Don't get me wrong. I can surely see how it could be an issue, but what a bizarre payload. Not exactly deleting all your system files.
|
#175664 - 18/08/2003 13:10
Re: Viral Hell
[Re: pgrzelak]
|
pooh-bah
Registered: 12/02/2002
Posts: 2298
Loc: Berkeley, California
|
From a part-time university sys admin who got stuck dealing with Blaster last week while everyone was away at training, I'm really wishing this had hit a few days earlier. I haven't actually seen any infections of the new one yet, but move-in day is tomorrow so we're going to have a whole load of unpatched systems coming online.
Matthew
|
#175666 - 18/08/2003 16:28
Re: Viral Hell
[Re: pgrzelak]
|
pooh-bah
Registered: 16/06/2000
Posts: 1682
Loc: Greenhills, Ohio
|
I'm so glad that I am still running Win98SE
_________________________
Laura
MKI #017/90
whatever
|
#175667 - 19/08/2003 00:43
Re: Viral Hell
[Re: Laura]
|
carpal tunnel
Registered: 18/01/2000
Posts: 5683
Loc: London, UK
|
I'm so glad that I am still running Win98SE
I'm so glad that I installed the patch for that problem when it came out, rather than waiting until the worm happened.
I'm also glad that I'm behind a firewall, so most of this sh*t doesn't get to me anyway.
_________________________
-- roger
|
#175668 - 19/08/2003 04:17
Re: Viral Hell
[Re: Roger]
|
carpal tunnel
Registered: 15/08/2000
Posts: 4859
Loc: New Jersey, USA
|
<cough>
Trust me. We installed the patch. We are behind a firewall. Unfortunately, it only takes a few clueless individuals (and in a huge corporation, there are plenty) to get infected badly enough to bring down a rather large and complex network.
Just like driving in traffic - no matter how careful you are, it only takes one person to cause an accident that (at best) leaves you stranded for hours.
_________________________
Paul Grzelak 200GB with 48MB RAM, Illuminated Buttons and Digital Outputs
|
#175669 - 19/08/2003 05:11
Re: Viral Hell
[Re: pgrzelak]
|
veteran
Registered: 21/03/2002
Posts: 1424
Loc: MA but Irish born
|
Yup! And we've got plenty of them here.
|
#175670 - 19/08/2003 05:54
Re: Viral Hell
[Re: pgrzelak]
|
carpal tunnel
Registered: 08/03/2000
Posts: 12338
Loc: Sterling, VA
|
So true, Paul. We only have 17 people in our office, and half of them have no clue what that little globe is that keeps giving them little messages. We keep telling them and they keep forgetting. I think the problem is the inevitable restarting of their machines, which is just too much of an inconvenience.
My girlfriend's father got the MSblaster worm, and it gave me a reason to play high speed internet advocate for the rest of his family. I told him that I would have run Update on his machine already, but since he's never done it since he got his computer, he had about 45MB of stuff to download over dialup. It was a good argument for a cable modem
_________________________
Matt
|
#175671 - 19/08/2003 06:22
Re: Viral Hell
[Re: Dignan]
|
carpal tunnel
Registered: 15/08/2000
Posts: 4859
Loc: New Jersey, USA
|
Broadband is a big help when dealing with the patches and autoupgrades! You might want to also consider Terminal Services, VNC or PC Anywhere if you have to do a lot of "remote management" of his machine...
_________________________
Paul Grzelak 200GB with 48MB RAM, Illuminated Buttons and Digital Outputs
|
#175672 - 19/08/2003 07:03
Re: Viral Hell
[Re: Dignan]
|
carpal tunnel
Registered: 18/01/2000
Posts: 5683
Loc: London, UK
|
It was a good argument for a cable modem
I used a similar argument to persuade my girlfriend to get DSL.
Well, to be strictly accurate, she let me get DSL at her flat. I pay for it, but she uses it.
Now she just needs a computer that can keep up with it.
_________________________
-- roger
|
#175673 - 19/08/2003 07:16
Re: Viral Hell
[Re: Roger]
|
carpal tunnel
Registered: 08/03/2000
Posts: 12338
Loc: Sterling, VA
|
Now she just needs a computer that can keep up with it.
That was another method I used. Her father's PC was painfully slow, and I had the thought that if I could speed it up, he'd start getting used to high-speed computing, and grow intolerant of low-speed internet. Turns out Dell sold him a WinXP machine with 128MB of RAM (not sure why). I slapped 512 in there and now dialup is painfully slow in comparison.
_________________________
Matt
|
#175674 - 19/08/2003 07:31
Re: Viral Hell
[Re: Roger]
|
veteran
Registered: 21/01/2002
Posts: 1380
Loc: Erie, CO
|
I've been pretty careful about being behind a firewall and not allowing access to ANY ports, but one thing bit me in the butt when this happened. I neglected to realize that when I VPN'd into my company's network, I am no longer behind my firewall. I'm within their firewall, but you get one guy who has his laptop at home on his cable modem, brings it into work the next day, BAM.
Sucks.
|
#175675 - 19/08/2003 07:51
Re: Viral Hell
[Re: Dignan]
|
carpal tunnel
Registered: 24/12/2001
Posts: 5528
|
That's nothing. I know somebody who has a 2mbit cable connection that for some reason known only to him is connected to a 486DX33. He saw the adverts about how Blueyonder would make your internet a much better experience etc... and decided to get it. It's only got a 200MB hard disk as well to make it worse.
I really do wonder what he uses it for. It can't be for downloading huge files since he's only got a 200MB disk and he can't be playing online games.
|
#175676 - 19/08/2003 11:51
Re: Viral Hell
[Re: tman]
|
carpal tunnel
Registered: 19/01/2002
Posts: 3584
Loc: Columbus, OH
|
porn.
_________________________
~ John
|
#175677 - 19/08/2003 11:56
Re: Viral Hell
[Re: JBjorgen]
|
carpal tunnel
Registered: 24/12/2001
Posts: 5528
|
Hmm... 8bpp porn? Look at that dithering
|
#175678 - 19/08/2003 11:58
Re: Viral Hell
[Re: tman]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
Nah. ASCII porn.
_________________________
Bitt Faulk
|
#175679 - 19/08/2003 12:01
Re: Viral Hell
[Re: cushman]
|
Carpal Tunnel
Registered: 08/02/2002
Posts: 3411
|
Yeah, firewalls are completely ineffective at preventing the spread of email-based virii. Virus scanners, vigilance and avoiding M$ email clients appears to be the best prevention.
_________________________
Mk2a 60GB Blue. Serial 030102962
sig.mp3: File Format not Valid.
|
#175680 - 19/08/2003 12:04
Re: Viral Hell
[Re: genixia]
|
Carpal Tunnel
Registered: 08/02/2002
Posts: 3411
|
Speaking of Virii, is anybody else getting hit by Sobig? It looks like all my friends got infected this morning.
_________________________
Mk2a 60GB Blue. Serial 030102962
sig.mp3: File Format not Valid.
|
#175681 - 19/08/2003 12:28
Re: Viral Hell
[Re: genixia]
|
old hand
Registered: 20/07/1999
Posts: 1102
Loc: UK
|
Yes, I've had a dozen copies in the last two or three hours. Who here has an address book with the following addresses in it:
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
It would seem to be someone connected with the empeg bbs or empeg itself. They all seem to have come from a machine running Outlook Express 6.00.2600.0000, and have the line "X-MailScanner: Found to be clean" in them, which is amusing.
pca
_________________________
Experience is what you get just after it would have helped...
|
#175683 - 19/08/2003 13:23
Re: Viral Hell
[Re: tfabris]
|
carpal tunnel
Registered: 18/01/2000
Posts: 5683
Loc: London, UK
|
Isn't that going to be your (collective) flat pretty soon anyway?
Yeah. So it's a good thing that the DSL is already there.
_________________________
-- roger
|
#175684 - 19/08/2003 18:19
Re: Viral Hell
[Re: pca]
|
pooh-bah
Registered: 20/01/2002
Posts: 2085
Loc: New Orleans, LA
|
My inbox collected 24,000 virus warning messages from our company this afternoon. Starting at 11:27. Good thing our email virus scanner was up to the minute. I personally received 148 of the messages. Outnumbered my real email 10-1.
|
#175685 - 19/08/2003 20:03
Re: Viral Hell
[Re: pca]
|
carpal tunnel
Registered: 29/08/2000
Posts: 14493
Loc: Canada
|
yeah, major avalanche of junkmail all of a sudden today -- like the power finally got back on to 100% in NYC or something.
There are only 16 people that have *ever* sent email to [email protected].. I wonder which of the 17 is flubbed ?
Cheers
|
#175686 - 19/08/2003 21:14
Re: Viral Hell
[Re: pgrzelak]
|
carpal tunnel
Registered: 24/01/2002
Posts: 3937
Loc: Providence, RI
|
Today was the day I finally updated sendmail to use MIMEdefang, updated MIMEdefang to add some useful SpamAssassin headers, updated sieve to filter on those headers, and installed a virus checker on my mail server. And I don't even have Windows, it was just annoying me.
|