Win32 Blaster Worm is on the Rise
EvilNight writes "You know you've got it when a 60 second shutdown timer pops up on your screen. The virus uses the RPC vulnerability. It looks like it's reaching critical mass today. Luckily, it's an easy one to stop: Download this security update. Once you've installed that patch, go here and
download the removal tool." Update: 08/12 19:19 GMT by M : Security bulletin URL corrected.
Dear all of you who are being hit by this attack:
Why hadn't you applied the patch before? It was released 7/16 and nothing has had this level of publicity before.
There was even a Slashdot article about the exploit. It was such a big deal because it was the first and only vulnerability for Windows Server 2003 so far.
All these people sarcastically saying to "patch with Linux" or "use the firewall" are missing the point that the smart people downloaded the 1.2MB patch last month and had no idea anything was going on until we read about the worm on Slashdot. My entire work network was unscathed, because they're all kept completely up to date. I can't think of any reason why someone shouldn't be doing the same to their Windows network, except for arcane Slashbot conspiracy theories or just plain needing to hate Microsoft for something, anything.
If this was a Linux worm, people would be telling everyone else that they should have patched to the latest versions of whatever. But, it's Windows, so it won't exactly happen that way...
"Sufferin' succotash."
Rule 1: The first thing you do when putting any system on the net is make sure it's behind a firewall.
Rule 2: See rule 1. Then do it.
FFS it's not as if it's attacking via port 80... No properly administered system should ever get this. Home users, maybe but businesses????
Windows is easier to pick up, but just as hard, possibly harder, to maintain than *nix. So you get less-trained or less-capable or whatever people who are employed doing this, who look fine on the day-to-day, but who are damn-near useless at the harder stuff like security - which should, of course, be the day to day.
Combine that with the sheer number of severe and critical patches MS expects you to apply, each of which must go through regression testing before deployment, and you can see why sticking the ol' head in the sand looks appealing...
J.
You're only jealous cos the little penguins are talking to me.
According to the Beeb and their article, once on a "...machine the malicious program also launches an attack against the Microsoft site that holds a software patch that keeps the worm out."
Nice twist of fate
Jaj
I know this is Slashdot and all the Linux users need their daily affirmation that they are right, but guys, lay off the common user. To expect someone over dialup to have Windows XP patched with the 200 MB of updates since XP came out is rather harsh. I know this hits more broadband users, but working in tech support, we have seen a fair amount of dialup users get hit as well. So before telling the everyday user to switch to Linux for their home machine, maybe we should get Microsoft to check their product for problems before shipping it out.
Welcome to the corporate world. All things, including service packs, must be tested on all platforms with all applications before being deployed into the environment.
We don't have a couple dozen windows boxes. We have a couple hundred thousand. Patching is *painful*. We're not talking purely servers that are affected--standard workstations. Servers get patches at a much faster rate than the user desktops.
Even after the 4-6 months goes by and the patches get the official blessing for end-user install, users don't like watching the service packs run for half an hour when they login. Besides, who trusts the users to sit around and let them install without playing with stuff.
So....We filter internal site connections to try and contain infections, and work as quickly as possible to mitigate the risks of downtime for system updates vs. the risk of collateral damage (outages) caused by Microsoft's weak code and security practices (AKA bug).
After two years, we're almost done with the Windows2000 conversion, but Microsoft has already been pushing for immediate XP deployment for a year...
Why aren't they all patched? Because nothing moves fast in large installation bases.
Ever thought that it's good practice to burn Service Packs and any critical patches on a CD-RW as they come, using an already secured computer? Then you don't have to expose your new setup. I know it's folly to trust the default Windows installation, and don't fool yourself into thinking that a common distribution like RedHat 8/9 is secure out of the box.
Do not connect to the net until you've secured the box. Standard practice and pure common sense when you think about it.
BOO! TERRO
Seriously. If you fancy a laugh, and you're working in the City of London, then go to the Halifax ATM between Cannon Street and Poultry.
Then try, really, really hard to stop laughing...
I don't know why I have to point this out, but that's NOT funny--it's freaking SCARY.
What part of "shall not be infringed" is so hard to understand?
Suffice it to say that if a company is trying to sell you something based upon the FUD factor, treat the information as suspect. I agree, vendors whose software doesn't sell on its own laurels hype the hell out of the FUD factor and give the industry a bad reputation. But don't lump these vendors in with the security consultants that are trying to provide a free service and free advice based upon information that is going around in the security community.
When you get security information, consider the source. Is the security information provided with a sales pitch attached? If so, google the information to determine if it is FUD or legitimate. If it's legit, it'll pay to listen.
Regardless, people, patch your *#&($*@& machines!
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
Think about this scenario: a perfectly competent administrator has a properly configured firewall which blocks the problem. The "road warrior" brings his laptop back from 3 weeks on the road, having used a bunch of hotel access points where he got the worm. He connects it to his docking station in the office, effectively bringing the problem behind the firewall.
All the Linux users (and *BSD for that matter) are walking around with a big smile on their lips on days like this.
Sigh. The Windows exploit is essentially a buffer overrun. Microsoft knew about this and released a patch *before* this worm was even written. So it comes down to two things:
1. It's a common problem caused by people writing OS-level services in languages that are prone to these types of problems. Windows and Linux are in the same boat here. Many such exploits have been found in both OSes, and more will be found in the future.
2. It doesn't matter how fast a patch is released if people don't download and install the patches. Again, both Windows and Linux are identical in this respect.
If Linux were on 90% of all desktop PCs, you'd see the same kinds of viruses and worms. It's not like there haven't been UNIX worms in the past; to think otherwise is fooling yourself. And if Linux were that popular, it would only be a matter of time until bogus "security updates" started making the rounds, so people log in as root to install them, and BANG.
What absolutely amazes me is that people so casually accept that "patch and reboot" is an acceptable aspect of an operating system.
In a rational world, Windows should have been tossed out of the business door two years ago as a piece of junk product.
I'll just keep reading all this panic and scrambling from the quiet comfort of my OS X machine.
You can tell a great deal about the character of a man by observing those who hate him.
I think you need to get the DVD box set for ALL of the security updates
Then "no soup for you!" Microsoft has not and (at this time says) will not provide a fix for this. They claim that "the Windows NT 4.0 architecture will not support a fix to this issue, now or in the future." WHAT HORSESHIT! So all of the Windows NT 4.0 machines of the world are open doors to this (and other) attacks. Oh, they do recommend that you put it behind a firewall and block port 135. And if you happen to be using 135, well, you gotta recode and recompile any and all programs that do. Don't have the source code? Well, how good are you at reverse engineering? And be careful, it may be illegal where you live. AND you gotta trust everyone behind that firewall to not crack your machine!
Now, the karmic debt in all of this - Microsoft's Windows Update will get attacked by WinNT 4.0 every month. Mmmm. So, everyone else gets fixed and the ones that MICROSOFT want you to upgrade become easily identified as problems on the net.
Sure, one P.-off muther-F. may have written this worm to get at Microsoft. Or maybe it came from somewhere in Washington state. So, what is next? All "obsolete" versions of Microsoft products get infected with worms that will install a gigabyte of child porno and then email the police? I guarantee with publicity like this, evildoers will be using WinNT as a platform for all kinds of crap from now on. Thanks a lot, Microsoft, the Crackers' Best Friend!
Here's the Microsoft spin on this from the FAQ in Microsoft Security Bulletin MS03-010 (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-010.asp):
"If Windows NT 4.0 is listed as an affected product, why is Microsoft not issuing a patch for it?"
"During the development of Windows 2000, significant enhancements were made to the underlying architecture of RPC. In some areas these changes involved making fundamental changes to the way the RPC server software was built. The Windows NT 4.0 architecture is much less robust than the more recent Windows 2000 architecture. Due to these fundamental differences between Windows NT 4.0 and Windows 2000 and its successors, it is infeasible to rebuild the software for Windows NT 4.0 to eliminate the vulnerability. To do so would require rearchitecting a very significant amount of the Windows NT 4.0 operating system, and not just the RPC component affected. The product of such a rearchitecture effort would be sufficiently incompatible with Windows NT 4.0 that there would be no assurance that applications designed to run on Windows NT 4.0 would continue to operate on the patched system."
"Microsoft strongly recommends that customers still using Windows NT 4.0 protect those systems by placing them behind a firewall which is filtering traffic on Port 135. Such a firewall will block attacks attempting to exploit this vulnerability, as discussed in the workarounds section below."
"Will Microsoft issue a patch for Windows NT 4.0 sometime in the future?"
"Microsoft has extensively investigated an engineering solution for NT 4.0 and found that the Windows NT 4.0 architecture will not support a fix to this issue, now or in the future."
The moral is upgrade. Upgrade and get people like Microsoft who abandon you out of your life. Upgrade to Linux.
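The workaround quoted above (filter TCP port 135 at the firewall) does more than block the attack: the firewall's own log then shows who is probing for the RPC service, and a source that sits inside the LAN is exactly the "road warrior" laptop case raised earlier in the thread, already behind the perimeter. The script below is an added example, not code from the thread or from Microsoft's bulletin. It runs over a constructed firewall log whose line format, the internal network 10.1.5.0/24, and the threshold of three distinct hosts contacted on port 135 are all assumptions for the example; real firewalls log in their own formats.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample firewall log (not real data). The line format is an
# assumption for this example:
#   "<timestamp> <ACTION> proto=<p> src=<ip>:<port> dst=<ip>:<port>"
SAMPLE_LOG = """\
2003-08-12T10:00:01 DROP proto=tcp src=10.1.5.23:1041 dst=10.1.5.1:135
2003-08-12T10:00:01 DROP proto=tcp src=10.1.5.23:1042 dst=10.1.5.2:135
2003-08-12T10:00:02 DROP proto=tcp src=10.1.5.23:1043 dst=10.1.5.3:135
2003-08-12T10:00:02 ACCEPT proto=tcp src=10.1.5.23:1044 dst=10.1.5.4:135
2003-08-12T10:00:03 DROP proto=tcp src=10.1.5.23:1045 dst=10.1.5.5:135
2003-08-12T10:00:03 ACCEPT proto=tcp src=10.1.5.40:2001 dst=10.1.5.7:80
2003-08-12T10:00:04 ACCEPT proto=tcp src=10.1.5.40:2002 dst=10.1.5.8:135
2003-08-12T10:00:05 DROP proto=tcp src=203.0.113.77:3001 dst=10.1.5.9:135
2003-08-12T10:00:05 DROP proto=tcp src=203.0.113.77:3002 dst=10.1.5.10:135
2003-08-12T10:00:06 DROP proto=tcp src=203.0.113.77:3003 dst=10.1.5.11:135
this line is garbage and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ACCEPT|DROP)\s+proto=(?P<proto>\w+)\s+"
    r"src=(?P<src>[\d.]+):(?P<sport>\d+)\s+dst=(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

RPC_PORT = 135                                       # the port the bulletin says to filter
INTERNAL_NET = ipaddress.ip_network("10.1.5.0/24")   # assumed office LAN
THRESHOLD = 3   # distinct hosts contacted on 135 before a source is reported (assumed)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def find_rpc_scanners(log_text, threshold=THRESHOLD, port=RPC_PORT):
    """Map each source that contacted at least `threshold` distinct hosts on
    TCP/<port> to the sorted list of those hosts, whatever the firewall verdict:
    a DROP still records that the source tried."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proto"] != "tcp" or rec["dport"] != port:
            continue
        targets[rec["src"]].add(rec["dst"])
    return {
        src: sorted(dsts, key=ipaddress.ip_address)
        for src, dsts in targets.items()
        if len(dsts) >= threshold
    }


def accepted_rpc_connections(log_text, port=RPC_PORT):
    """(src, dst) pairs the firewall let through on TCP/<port>: each dst is a
    host the port filter did not protect and that should be checked for the patch."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "ACCEPT" and rec["proto"] == "tcp" and rec["dport"] == port:
            hits.append((rec["src"], rec["dst"]))
    return hits


def summarize(log_text, internal_net=INTERNAL_NET):
    """Split reported scanners into internal (a machine already behind the
    firewall, e.g. a returning laptop) and external (stopped at the perimeter)."""
    scanners = find_rpc_scanners(log_text)
    internal = sorted(s for s in scanners if ipaddress.ip_address(s) in internal_net)
    external = sorted(s for s in scanners if ipaddress.ip_address(s) not in internal_net)
    return {
        "internal_scanners": internal,
        "external_scanners": external,
        "accepted_135": accepted_rpc_connections(log_text),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample data the internal host 10.1.5.23 is reported as a scanner even though most of its attempts were dropped, which is the point: the filter rule protected the targets, but the source is a machine inside the network that needs the patch and the removal tool. The accepted pairs show where the port-135 filter is not in effect, so those destinations are the ones to verify first.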
I wonder when someone will release a virus for an exploit that they just found, one that they didn't tell Microsoft about. If they found one for IIS it would basically kill the entire windows internet (since you couldn't just firewall off the port).
And of course the same thing could happen with Linux. There have been security holes in Apache and especially in various distros.
I guess we're lucky that people finding holes so far have been benign. (or at least more interested in having access than causing chaos...)
autopr0n is like, down and stuff.
Now, this being modded as funny is REALLY sad.
Apple's versioning is as follows:
.x = new release = full price
.xy = maintenance upgrade = free.
So, 10.1 was full price. 10.1.1 was free. 10.2 was full price. 10.2.6 was free. 10.3 is full price. 10.3.x will be free. 10.4 will be full price, etc.
Apple does not sell upgrade CDs. You buy a full install. This means you don't need to have any previous version of OS X on the machine. So compare the right things. Let's put this in terms the Microsoft Marketing Influenced(TM) can understand.
I paid $129 for the full version of OS X. You paid $299 for the full version of Windows2000 Professional.
I paid $129 for the full version of Jaguar. You paid $399 for the full version of WindowsXP Professional.
I will pay $129 for the full version of Panther. You will pay >$399 for the full version of Longhorn Professional.
Now who should we laugh at?
For all the ranting slashdotters do on how stupid the non-tech/geek person is, I find it hilarious that such a logical, programmer-centric versioning system totally confuses said slashdotter.
I guess MS was pretty smart to call Winnt 5 Windows 2000, and Winnt 5.1 Windows XP, or you'd all be screaming about that $399 "upgrade" as well.
An ATM running an open and unpatched SMB on a network that, directly or not, is exposed to the internet...
Some things are completely understandable. But this just makes me want to sit down with the IT guy who dreamt this up and ask him what the hell he was thinking.
~Dalcius
Rome wasn't burnt in a day.
No it isn't. Seriously. While it would certainly inconvenience you if the ATM were to crash while you're using it (including up to a lost card, if it's an older machine that still "takes" the card instead of swiping it), the transaction model should ensure that even if a machine were to crash or be disconnected in the middle of a transaction, the transaction will be completely unrolled. That's the point of transactions, and these machines are designed to deal with failures.
You're wrong--it's not scary that the ATM is running Windows. It's not even scary that the ATM is in a reboot loop. What's scary is the ATM is connected to a public network (or connected to machines connected to the public network) such that it was able to contract this virus.
Inconvenience has NOTHING to do with it.