Nimda To Strike Again

Seabass55 writes: "Researchers say Nimda is set to propagate again after rechecking Nimda's code. God help all the MS boxes ... again." Looks like the owners of unpatched IIS machines have until 9 p.m. GMT (1 a.m. ET) to get ready. I'd like to see a nice double stockade for the writers of Sircam and Nimda, and maybe some fireants. Update: 09/27 22:45 GMT by T : Temporal confusion -- that's 5:00 GMT, sorry :) Update: 09/28 00:14 GMT by T : Carnage4Life contributes this link to a command-line tool from Microsoft to list patches already installed or still needed, if you think your Windows machine may be vulnerable.

Math?

[sharkey]

9pm GMT -04:00 (EDT) is 5pm EDT.
9pm GMT -05:00 (EST) is 4pm EST.

However, the time mentioned in the article is 1am ET. Hazard a guess that it is really EDT they are citing, making 5am GMT zero hour. It will be 12:00am (Midnight) EST.

Nimda cost me Microsoft.

[standards]

My organization was hit hard by Nimda. Our poor Windows Administration staff ran around like crazy cleaning, patching, and upgrading hundreds of machines.

Is this a Microsoft problem? You bet.

Microsoft OSs do not have a complete, common set of system administration tools built in. This results in haphazard machine administration.

Microsoft and other companies sell useful administration tools, but these are high priced tools that only do a piece of the job. And since they aren't included with the OS, very few sysadmins have expertise with them.

So Microsoft, get on the ball. If you want to sell an OS, it should be ready for the enterprise.... including enterprise administration.

In the meantime, we're porting our apps from IIS to Apache. Yay!

Dangerous Viruses??

[dragons_flight]

Whatever happened to all the "3v1|_ h4x0r5"(TM)??

We seen a number of highly infectious viruses in the last year (Sircam, Code Red, Nimda, etc), but none of these were actually very destructive. Sure they are a pain to get rid of, and may spread a little information around, eat up bandwidth, or compel you to reformat just to be sure, but they aren't flattening people's systems.

Whatever happened to the anarchists out to destroy the system? Now admittedly I don't want to encourage people to be more destructive, but it seems almost trivial to think of ways that viruses and worms could easily be made more destructive. For instance, upon infection, delete everything in the "My Documents" folder. Or, change default web page to a share of the whole computer. Or even wait a couple days and then wipe the person's hard drive.

I haven't been vulnerable to anything to come along lately, and I'm glad, but I'm also glad to note that the truly skilled black hats out there seem to have moderated how much damage they actually intend to do. I wonder if they are scared what the law might do to them if their attack truly was evil.

Re:Not Me

[sphealey]

"Legislation shows that people have a hard time differentiating what's a serious offence and what isn't"

Despite the fact that I thought we were patched and secured, the Nimda worm hit our servers. Oops - missed one of those MS security bulletins. My bad.

The cost in real dollars (not "gartner dollars" or "TCO dollars) to clean it up was around $25,000. For one small manufacturing company.

If a naughty kid threw a rock through our window and did $100 of damage, the police would yell at him and call his parents to pick him up. If he threw a bottle of gasoline through the window and did $25k of damage, he would be prosecuted for a felony.

So exactly how is this Nimda bomb not a "serious offense"?

sPh