Slashdot Mirror


RPC DCOM Worm On The Loose

GPez writes "The first of I'm sure many RPC DCOM worms affecting Windows is on its way, according to the Internet Storm Center. Patch those systems!" According to the site, "The worm uses the RPC DCOM vulnerability [affects Win2k through Server 2003] to propagate. Once it finds a vulnerable system, it will spawn a shell on port 4444 and use it to download the actual worm via tftp."
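The sequence quoted above (exploit over RPC, a shell on port 4444, then a tftp download) leaves an ordered pattern in network flow logs. The following is an added example, not part of the original post or any Internet Storm Center tooling, that correlates that pattern per host pair. It assumes TCP 135 for the RPC endpoint mapper and UDP 69 for TFTP (standard ports, not stated on the page), plus a constructed log format, constructed addresses and a hypothetical 60-second window.

```python
# Constructed flow records (not real traffic): "epoch_seconds proto src dst dport"
SAMPLE_FLOWS = """\
1000 tcp 10.0.0.7 10.0.0.21 135
1002 tcp 10.0.0.7 10.0.0.21 4444
1003 udp 10.0.0.21 10.0.0.7 69
1010 tcp 10.0.0.7 10.0.0.22 135
1050 tcp 10.0.0.9 10.0.0.30 4444
1051 udp 10.0.0.30 10.0.0.40 69
2000 tcp 10.0.0.7 10.0.0.23 135
2500 tcp 10.0.0.7 10.0.0.23 4444
2501 udp 10.0.0.23 10.0.0.7 69
"""

RPC_PORT, SHELL_PORT, TFTP_PORT = 135, 4444, 69  # 135 and 69 are assumptions
WINDOW = 60  # hypothetical: seconds allowed between the RPC probe and later steps


def parse(text):
    """Yield (ts, proto, src, dst, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0].isdigit() and parts[4].isdigit():
            yield int(parts[0]), parts[1], parts[2], parts[3], int(parts[4])


def find_infections(text, window=WINDOW):
    """Return sorted (source, victim) pairs that show all three steps in order."""
    stage = {}  # (source, victim) -> (steps seen so far, time of RPC probe)
    hits = set()
    for ts, proto, src, dst, dport in sorted(parse(text)):
        if proto == "tcp" and dport == RPC_PORT:
            stage[(src, dst)] = (1, ts)
        elif proto == "tcp" and dport == SHELL_PORT:
            seen = stage.get((src, dst))
            if seen and seen[0] == 1 and ts - seen[1] <= window:
                stage[(src, dst)] = (2, seen[1])
        elif proto == "udp" and dport == TFTP_PORT:
            seen = stage.get((dst, src))  # the victim fetches from the source
            if seen and seen[0] == 2 and ts - seen[1] <= window:
                hits.add((dst, src))
    return sorted(hits)


def exposed_hosts(text, window=WINDOW):
    """Hosts probed on RPC by a confirmed source but not confirmed themselves."""
    confirmed = find_infections(text, window)
    sources = {s for s, _ in confirmed}
    victims = {v for _, v in confirmed}
    return sorted({dst for _, proto, src, dst, dport in parse(text)
                   if proto == "tcp" and dport == RPC_PORT
                   and src in sources and dst not in victims})
```

Hosts returned by `exposed_hosts` are the ones to check for the patch first, since a confirmed source has already reached them.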

4 of 604 comments

  1. Re:I have already patched my entire network. by Anonymous Coward · Score: 5, Insightful

    I'm afraid you have a false sense of security. A firewall is only part of the solution.

    A complete solution includes patching your systems and deploying IDS systems. Still, this is only part of a complete security solution.

  2. Firewalls *may* not protect you here by venom600 · Score: 5, Insightful

    Everybody keeps posting that they have this or that port blocked on their firewall, so they're safe. Not so. All it takes is one person inside your network to open the wrong file attachment, or one laptop that went outside the network and then came back in to infect your internal network.

  3. Re:This is just sick. by The Bungi · Score: 5, Insightful

    That fix has been there for almost a month. So... shut up, please. There's nothing worse than going off on a "OMG, M$ suxx is teh gahyest!!1!!" rant when you're just plain wrong.

  4. Re:On the way? by Loki_1929 · Score: 5, Insightful

    "My Co-Worker and I manage about 375 PCs at a University which has no firewall,"
    "the Sysadmins need to be ... fired."

    "You should have had auto-updates turned on for your boxes"
    "the Sysadmins need to be ... fired."

    "We had autoupdates on,"
    "the Sysadmins need to be ... fired."

    Reasonable border security, strict firewall rules, roll-over security, implementing patches and updates after they've been tested within a "sandbox" or other non-production machine, and constant security/threat analysis - these are the building blocks to a secure and operational infrastructure; not turning on "auto-update" for all your Windows boxes. That's absolutely ridiculous. Next time a faulty patch comes down the line, it's going to take down some, most, or even all of your machines. I can remember Microsoft security patches causing anything from network connection problems to outright system corruption requiring repair/reinstallation of the OS. Be very careful throwing stones at other admins when your own procedures are just plain laughable.

    "So, uh, what were you other Windows admins doing when you should have been doing your job?"

    Where was I? Reviewing the procedures I have in place to ensure that this type of vulnerability never touches anything that would be vulnerable to it, and ensuring that all critical systems are buffered in case of internal infection through user stupidity. Where was I? Doing my job, correctly.

    --
    -- "Government is the great fiction through which everybody endeavors to live at the expense of everybody else."