Slashdot Mirror
1 Year Anniversary of Nimda Outbreak
dots and loops writes "Today marks one year to the date that the nimda
worm began making its way across the Internet." Hey, speaking of hilarious worms, I'm still getting 5-10 klez virus's a day! Yay Security!
Thats what you linux guys say every time there is an Apache worm, isn't it? Let's be consistent, shall we?
But how many of these machines are run by admins? (definition of admin being a professional)
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
I'm still getting nailed by Code Red. Weird how something can survive for two years without touching a single permanent storage device.
Nimda 0|/\|Nz j00 !
No really , its a brilliant little Virus. I am sure lot of unscrupulous people made a lot of money from that one. Think about it, any unsecured server with this virus broadcasts this fact to the whole world !
Just backtrack to the Broadcassting computer, and you can own it in 5 Minutes. I shudder to think at all the financial information that was made availiable from this virus.
With Windows 2000 and XP still unsecure, we just need to wait for Nimda 2 and really make some money =-)
Why is it every time there's an addendum or update on a worm/virus report that Taco hasta remind us how much crap mail he gets?
There are only 10 kinds of people in this world... those who understand binary and those who don't
Ill tell you what if the OpenSSL bug does 1 hundreth of the damage to network communication that nimda did Ill buy the cake..
The problem is that IIS encourages lazy admins. After all, the main marketing behind IIS is that even a trained monkey can set up and administrate it. So most companies hire lazy idiots to save money, and don't bother with security. With Apache, you have to know what you are doing, making the issue of lazy and/or stupid administrators not much of a problem.
Anyway, here is it again for Taco:
Put this in your .procmailrc file:
Of course, this is a bit drastic by throwing every file that ends in that type into the bin, so you may want to replace it with something like /home/username/mail/viruses
Finally (and this bit is especially for Taco) you will probably need to have a .forward file with the following in it:
Once you've done that, then finally we'll never heard again from you how many viruses a day you can get.
Avantslash - View Slashdot cleanly on your mobile phone.
is that without knowing it anybody that installed a Microsoft Server OS was obliged to install IIS. Its part of the default install and most MCSE just say what the heck that would be so cool to run a web server. So most don't even realize that they are running IIS. If they don't know, they don't patch. This IS an example of microsoft featuritis. Customers demand it. Microsoft delivers. Unfortunately the customer tends to be a complete dumbass when it comes to security.
Actually, you could look at these viruses as more of a protocol than a virus. When the other user initiates the connection, you can simply send a series of 'response' packets to verify that you received the request for a connection. If their computer doesn't know how to handle the 'response' and does something silly like crash, well, that just means they need to update the driver they have for that 'protocol' I mean, the guy who wrote that version they are running now must have been crazy! Its practically a virus!
I apparently forgot that sig != uptime...
"Given the choice between dancing pigs and security people will choose dancing pigs every time."
There'll be many "nimdas" yet to come...
> But Alanis couldn't get it past the corporate censors.
..as opposed to several of the lyrics of "You Oughta Know"?...
Actually, almost all of mine are coming from individual subscribers coming through big DSL-/Cable-based ISP's like RoadRunner, SW Bell, etc. For each incident, I fire off E-Mail to their security departments, giving times, IP's, etc. (I have set of log scanning scripts that generate them automatically. How's that for geekiness? No, you can't have them. They suck. That's high in geek factor, too :-). I've seen NO action taken by them. What a bunch of lamers. Do they really think their customers want to be infected and spew out into the net? The issue is that, really, as long as that $50/mo. comes in, they don't give a rat's ass.
The smaller DSL ISP's are usually on the job, though. They give me a small amount of hope.
That is all.