Slashdot Mirror
Nimda To Strike Again
Seabass55 writes: "Researchers say Nimda is set to propagate again after rechecking Nimda's code. God help all the MS boxes ... again." Looks like the owners of unpatched IIS machines have until 9 p.m. GMT (1 a.m. ET) to get ready. I'd like to see a nice double stockade for the writers of Sircam and Nimda, and maybe some fireants. Update: 09/27 22:45 GMT by T : Temporal confusion -- that's 5:00 GMT, sorry :) Update: 09/28 00:14 GMT by T : Carnage4Life contributes this link to a command-line tool from Microsoft to list patches already installed or still needed, if you think your Windows machine may be vulnerable.
I administer Notes, NT, Win9x and a Linux box, plus firewalls yadda, yadda.
I work in a Corporate Travel Agency in NYC, they just decimated my entire staff and I have me and one other guy who has been relegated to inputting ticket refunds.
I DON'T HAVE TIME FOR THIS! My lone IIS server has been patched since the first day. Lotus Notes doesn't care about these dumb ass viruses (virii) and my Norton's are all up to date.
My USERS got this crap from infected web pages!
We're losing a machine a day in the field b/c these bozos can't figure out how to click on a button called VIRUS_FIX on the corporate intranet.
I am ready to frigging quit and become an English Teacher fuck the money! If the whole MS world can be brought to its knees everytime some kid in Sweden has the day off then we're all fucked.
CIOs who continue to use Outlook/IIS deserve whatever happens to them. (We HAD to use IIS for a 3rd party software app.) Micorsoft SHOULD ABSOLUTELY BE PAYING IT'S CUSTOMERS BACK FOR THIS! HOW DARE THEY GET READY TO RELEASE YET ANOTHER VIRUS RUNTIME OS.
It is seriously time for the MCSE farms to be shut down and for corporate America to move to another OS. Fuck the users; guess what they don't know all that much about the OS they are on switching them now will have no lasting impact.
This
If a company wasn't hit by both, presumably their security policies and procedures are either already up to scratch, or capable of being improved sufficiently. But if a company was hit by both, their procedures are probably beyond repair, and they'd be better off with a server that's more secure by default.
So I think Gartner was absolutely correct. Not only that, but people who didn't pick up that subtlety from the Gartner report are also more likely to need to switch servers, so the report works either way! :P
Our organization didn't do squat because we spent five minutes researching commonly accepted practices for securing IIS and NT boxes before we ever put our first box on the net. We do the same for every piece of hardware and software, exploits are not an MS-exclusive thing. The simple act of unmapping unused extensions in IIS has saved us countless hours (or days) of agony on many occasions. I suspect your organization may not contain the level of security-conciousness necessary to properly maintain systems connected to the internet since such security-awareness would have included remedial research into the securest method of presenting a piece of hardware or software to the internet. In other words, if your organization knew what they were doing, the issue you experienced would not have occurred. It's not an apache/IIS issue, it's a poor administration issue that will plague your organization, unless corrected, regardless of what OS and web server software they choose to deploy.
Hope this helps,
maru
www.mp3.com/pixal
Despite the fact that I thought we were patched and secured, the Nimda worm hit our servers.
Oops indeed! All of Nimda's exploits were old. You had what? Five months? At a total cost of $25,000?? Damn, I hope you have some money put away, because if you were one of my employees, you'd be working at half pay to reimburse the company for your negligence. That's on a good day. On a bad day, you'd be fired, and I'd call Legal to have them sue your ass once it cleared the doorstep on your way to the unemployment line.
Rule 1: If you're an NT admin, you have to stay on top of *EVERY* patch. You don't patch, your company loses money because of your negligence. If you don't patch, you deserve to lose your job.
Now, if you're one of those companies that has lost a lot of 'good men' to rule 1, perhaps you should not use Microsoft products? Perhaps they're not everything the Microsoft rep told you they would be...
.sig: Now legally binding!
I'll point out that a firewall won't protect from this, as these are legitimate http requests. Your gateway anti-virus solution and/or intrusion detection system, on the other hand, should catch these. But this sort of thing is NOT what a firewall is supposed to stop.
Vintage computer games and RPG books available. Email me if you're interested.
You apply SP6 to NT4 the day it comes out. Your company's Lotus Notes system falls on its arse. You lose your job.
Admins have a hard enough job keeping a known, stable system running without applying day-0 patches every time Microsoft figure they're screwed up again. Applying patches immediately and automatically isn't a black and white issue, and all your sound and fury won't make it so.
If you were blocking sigs, you wouldn't have to read this.
Our organization didn't do squat because we spent five minutes researching commonly accepted practices for securing IIS and NT boxes before we ever put our first box on the net.
.dll and .eml files from Nimda that users had been infected on their desktops.
Unfortunately Nimda spreads itself over shares, too -- so our server was well-maintained, but every shared directory on there was filled with the
All it took was a single person on our network who had disabled their antivirus to spread it all over ever network drive in the place.
Recursive: Adj. See Recursive.