Slashdot Mirror
Windows Virus Takes Out Gov't Agencies in MD, PA
Zolzar writes "Looks like the Md. State Motor Vehicles Administration is the first government agency reporting a failure of their systems due to the recent virus." This is a more specific story about the outage. And the city of Philadelphia has suffered as well.
Let's prove how insecure everyone already knows Windows is by shutting down government agencies, gee, I am sure the "haxor" would have been really proud of his/her self if he/she proved their point by porking say a hospital's computer system. What an asshole.
I hate sigs.
The patches have been available for a LOOOOONG time now. They should have patched. They can't whine now. End of story.
www.sitetronics.com/wordpress
A radio news report tonight said that a 3M plant in Minnesota shut down Tuesday due to a computer worm. Somebody's trying to run a plant dependent upon Microsoft...
when a new Microsoft worm or exploit is out. But after the initiall updatestuff it all settles. The latest RPC vulnerability the Blaster is already slowing down according to a Cnet.
And I guess that eveyone that have some firewalls and uses common sense allways survive these attacks. At my companys network we use Win 98 instead, so we were able to escape this worm. Actually it looks like all the new exploit are on these new Win2000 and XP versions, so to me Win 98 or Win Me looks like a much better choice in the security area.
Proud patriot and republican voter.
I keep hearing that windows 2k3 is the most secure windows, but (and I'm truly asking), what makes people say so? I'm using it at home. Evidence for: logs changes, logs every reboot and needs you to enter a reason, insists that every site (including google) has a security issue, comes with almost everything disabled, doesn't let users use shockwave et al without permission, probably some bug fixes. Evidence against: see the article above. At least it informed me afterwards that the computer unexpectedly rebooted . . .
PS: Please don't mod me for flaming, I'm really wondering what inner changes there are, other than the ones above that give the impression of security.
A friend who works at blackbox told me "hundreds" of computers shut themselves down at EA Studios out in Burnaby this morning ... HA HA
If this was a "pro-linux" motivated attack, then surely this troublemaker's attentions would've been best directed at sco.com rather than windowsupdate.com, no?
~
~
~
-- INSERT --
I know there'll be dozens of "they shouldda been using un*x" posts, but in defense of Windows, there has been a patch for this on Windows Update since July 16. Even I had enough time to test the patch on a non-production system between then and now. Every platform gets its 'sploits throughout its lifetime, it's just a matter of learning about them and applying the proper patches in a resonable amount of time... especially on mission-critical machines. (DMV computers, etc...)
Yeah, but it's not like the Department of Homeland Security put out a notice telling people they should install the patch. Oh wait, yes they did. Maybe that's why a group of us worked late on Friday 8/1 making sure the patch was installed on all of our servers and workstations.
Preaching to the choir.
:)
I remember the Klez virus kept infecting our system. I put antivirus on all the machines and wiped and cleaned them several times. Still my boss had his computer go down several times and started to suggest I was incompetent.
Turns out he got a fake email on his AOL account with the virus attached from a potential client who he has been trying to sell to for a long time. He loaded the virus from his laptop and ignored and disabled the antivirus warnings desperately trying to see what this guy was sending him. For those that don't know, Klez emails itself to any email addresses it can find.
Problem finally solved. I was not mention this matter to anyone else. Yeah Right.
> I'm all for Microsoft making the DEFAULT behaviour to be to download and install the patches without updating.
In principle, yes, but...
a) Would Microsoft (or any other company) be willing to accept the legal liability?
b) How long until someone highjacks that very mechanism as a way of spreading grief?
Sheesh, evil *and* a jerk. -- Jade
...that I'm a damn programmer, and my system was secured from this exploit (due in large part to my overly paranoid nature), but the workstations belonging to my depts microcomputer support & network manager were all vulnerable and hit. Dumbasses. I spent my entire morning trouble shooting, patching, and fixing the workstations belonging to my office's higher-ups & executives (I was specifically requested by them, I might add), while the network & micro fucktards ran around fixing the computers of the no-counts. Needless to say, I pissed off a lot of people today, but thank God they aren't the ones who sign my check.
I look at the never ending laziness of network support as continuing to supply me with the opportunities to secure my employment. Also, the thank you email from the prez really gave me a chubby.
Spread the RC luvin'
> My wife's entire 1500 plus employee company was instructed today to not turn on their computers until IT came around to look at them.
Where I work they just kicked everyone with an exposed system off the network as soon as the DoHS warning came out 2-3 weeks ago, and let them back on the network when they could demonstrate that their system was fixed.
Call it "opt-in security", if you will.
Sheesh, evil *and* a jerk. -- Jade
The majority of MS worms are created by little nerds in basements using pirated copies of Visual Studio. Not Linux users. They are know as script kiddies and are all over Usenet sharing their windows expertise.
So bullshit to your post.
OH THE SHAME I fell off the wagon and use sigs again!
If the worm we got autostarts anything, it uses one of the sneakier methods. I didn't check the ini files, but I did check out both run and both runonce keys and there was nothing unexpected in any of them. File sizes and dates on the files that were there matched a clean system (although that's not a guarantee, I didn't run checksums). The damage to explorer, IE, and Word did survive a reboot, however, so it modifies something on the system. We had the system up for the better part of an hour on the network, watching ethereal on the switch's mirror port, and didn't see any strange traffic, so I don't know what triggers it's spread. The dial-in client that was one of the original vectors had been connected for something like 8 hours when it started scanning, and we are it's internet access so it couldn't have been (easily) infected from outside today without us seeing it (we were monitoring after central's exchange server went boom), so I strongly suspect it's got a timer or trigger to start scanning. (Maybe idle time? It started roughly half an hour after they closed for the night, hence us kicking them off and revoking their dial-in privliges instead of just calling them.) I didn't catch any actual infections in the packet dumps, only scans after the vulnerable machines had already been hit, so I don't have a network dump, but I'll hook an infected machine to the test network in the morning and try to get one. If I can talk the manager into leaving me alone for long enough I'll try to get it to infect a dummy machine I've imaged and see exactly what changes it makes. Anyways, good luck to anyone still playing with these things.
Extensive hits to e-mail, web and database systems throughout many ministries in Ontario.
I thought it was interesting that a member of the Justice system in Ontario was complaining that 'Microsoft is not providing the proper tools to properly manage an enterprise with 1000 servers spread throughout the province and ensure that patches and service packs are kept up to date. The cost of maintaining these manually is too high'
To which I asked 'How much is it costing you to scramble and fix this problem now?'
Enterprises either need to bear the cost of a 3rd party tool to maintain patches through the enterprise or find the money and resources to keep things up to date properly on an ongoing basis. Otherwise, they will find it costs 2-3 times that amount of money to respond to patching and cleaning large pools of servers in this type of worm situation.
The1Genius - Littera Scripta Manet
I was setting up a new computer today running Windows XP and within 3 minutes of the first boot, the computer was infected. I wasn't even able to download the updates before the worm found this machine. So my question is, why are machines still being shipped with vulnerable versions of Windows XP? If it is too expensive to redo the drive, at least include a cd-rom (that costs $0.00001) that has the updates on it.
I was at the gym for the 3pm NZST news today, and Microsoft took a hammering. Only Microsoft Systems are affected... MSFT this, MSFT that - I'd like to see what Microsoft New Bliss-Land do to spin this.
I've just checked their NZ home page and they are soliciting for feedback on customer feelings towards MSFT today, and have some obvious customer advice in big, bright colours. Microsoft US doesn't seem to care in comparision.
The feedback form has three cute faces with various different states from happy to angry on them. Perhaps you may want to give them some feedback to ;)
So my question is, why are machines still being shipped with vulnerable versions of Windows XP?
because it would cost them (PC manufacturers) lots of money to stop shipment on all those systems and reimage them all over again. they would be glad to toss a CD in the box if they kept track of which hard drives were in which systems, but they don't. honestly, just make your own damn cd. it will work until the next service pack is released, and then you'll have a brand new office frisbie to play with. you can't lose!
Protector of Capitalist views,
Meorah
Has anyone compiled a list to see something like how much M$ has cost the world due to insecure software?
I would guess it's a couple billion dollars by now. Why does no one care?
How many Windows users actually use Windows Update?
I'm convinced that most regular users do not "get" what Windows Update is for, and see no tangible benefit to using it until/unless their system crashes. It's a bit like backing up the hard drive -- most people won't do it until a bad experience convinces them it's worthwhile. (This goes double for dial-up Internet users, who have to babysit giant downloads, and may have to start from scratch if they get disconnected.)
I think Microsoft needs to add some kind of positive reinforcement and explanation of the value of the Windows Update service. Even a big splash screen at the end of each update that says "Your computer is more secure!" would be an improvement.
In my experience, Windows Update works pretty well in Windows XP. Updates can be set to download and install automatically, or download then notify, or simply notify when updates are available. The system works.
By my very unscientific reckoning, however -- based on the visitor logs on my Web site -- the latest Windows (XP) accounts for just 50% - 60% of current Windows users. 20% are still running Windows 98 (and 20% are running Windows 2000).
Why does that matter? Remember that Windows Update in Win98 was not automatic. In fact, it often completely failed to work!
Many of today's users had at least one bad experience with Windows Update before Microsoft got the bugs out. (You might recall that the Win98 version had several "known issues" including the infamous "freezes at 0%" problem that completely prevented users from accessing the update system.
Microsoft also alienated some users in the early days of Windows Update by marking unnecessary (even unwanted) system software as "Critical Updates." If I remember correctly, version 1.0 of buggy and bloated Internet Explorer 6 was installed as a "Critical Update" to IE5.
In short, Windows 98 users who tried Windows Update learned these lessons:
- Windows Update doesn't work very well (or at all)
- the updates do not appear to make any difference
- Microsoft uses this system to force unwanted software on me
It's no wonder many Windows users don't bother to fire up Windows Update. And as long as some Windows users are apathetic (or actually hostile) towards the update system, EVERY Windows user is vulnerable.
(A brief digression: users who have dial-up Internet accounts are less likely to use Windows Update than broadband users. They would need to see some major tangible benefit to keeping their systems up-to-date. Big downloads are relatively painless with broadband, but they're a major hassle for dial-up users -- especially to anyone who pays by the minute to be connected.)
Anyway.
It's clear that automatic updates are the way to go. Microsoft could easily fix the whole problem by issuing free software to make "Critical Update" downloads automatic in older versions of Windows. That would eliminate a major reason for upgrading to XP (i.e. because Win98 is insecure by default), but it would benefit ALL Windows users.
But there's the rub: this would eliminate a major reason (perhaps THE major reason) to move from Win98 to WinXP.
I spent more than an hour on the phone today with a friend whose Windows XP system was infected by the Blaster worm. She thought she was safe -- she has anti-virus software, she updates her virus definitions daily, and she thought she was using Windows Update regularly. (She was wrong, as it turns out -- Windows wasn't up-to-date, although she swears she said yes to automatic updates sometime last week.)
If a bright, conscientious, well-meaning user can get burned by this system, there's something wrong.
Solutions? I think "Critical Updates" should be mandatory for all Windows users. If people refuse to update the updated system software, Windows would shut down after a reasons period of time -- say 30 days -- until the user agrees to get the Critical Update.
Another idea: write and distribute th
The problem though.. why the f**k should an RPC patch affect whether or not I can open a .gmax file?
And this does not only affect this patch, but if you had installed SP4 the same thing happens. Its like my PDF files getting flucked because I got the new DirectX 9.0b.
Hmm.. patch and can't work. Don't patch and can't work. Crap.
And yeah, I just made a midnite run to a client site because mail/website/firewall were not responding. My OpenBSD firewall was tighter than a dolphins' ass. It was the whole damn Internet rebooting. ISP went up in flames.
When I saw this happen in our lab, I was trying to fix someone's floppy (yes, yes, I'm a lowly lab monitor at my U). I thought it was a broken floppy, but the strange thing was that the computer could read the fine just fine, but Copy/Cut/Paste was disabled in Word and in Explorer.
Our lab is XP-only, and it's very up to date on all security patches, with ONE exception, the machine I was using for the floppy recovery. That one is running Windows98, and I know for a fact it's not patched.
I'll look into it tomorrow, to see what's going on.
That day will never come. Enough of us are of an age to remember the days when there were fifteen different PC platforms out there and the huge splintered market for commercial software that resulted.
It's trouble enough for retailers to sell both Mac and PC games. Do you really think shrinkwrapped boxes are going to contain the seven CDs necessary to have the app run on 15 seperate OSes?
Yeah, everything will be distributed as source code. Uh-huh. People will like that.
A Good Intro to NetBS
Uhhh.. no. This is a side effect of a homogenized world. It's no different than growing a forest of cloned trees, or a race of cloned people. Because they are all identical, they all suffer the same weaknesses. As a result an infestation that would ordinarily kill hundreds instead ends up killing off the whole forest - or an entire race.
If everyone had macs (or linux) virus writers would be targeting macs or linux. The problem isn't just windows: it's that a single OS - a single "species" - is far too pervasive.
I saw this exact same problem today at one of my client's sites. I do work for a few small businesses, and one of them had this exact same problem, it wasn't msblast (that process wasn't running, and nothing was found by virus scan or the symantec remover) but we showed the exact same problems, the only fix we found (In nearly 8 hours of trying) was to complete reformat and reinstall...)
Hopefully someone will find out what this new virus is and create a removal tool for it, however I think this one might be pretty nasty, it completely hosed word/outlook and norton av on one system and trashed the windows installer service on another causing office and norton av to think they weren't installed, and making it impossible to reinstall them.
We also did not see it scanning, and it seemed to be infecting slowly (the client has 30+ machines all win2k, and after 8 hours only 3 had been infected, those 3 were pulled from the net then but they had many hours to infect the rest of the hosts on the network and didn't).
Any info on this new strain would be greatly appreciated.
It's not a new problem. Nor is any amount of wishful thinking is going to fix the problem, Microsoft's products just aren't engineered for security. It's a problem that would take years to fix. Bill Gates himself made allusions to the U.S. Apollo space program of the 1960's which was $25 billion over 10 years. However, for the time being, the security issue is treated like a PR problem and the customers are taking the lumps.
A this point the problem is sociological or psychological. Like any other cult, Microsoft provides a sense of purpose and belonging to it supporters. Note that neither a technical background nor even an analytical way of thinking is a prerequisite, thus fulfilling even the unconditional acceptance aspect of a cult.
As much as IT staff and, especially IT manangers, admire the personal wealth of Bill Gates, they just need to be able to let go of Windows and move on.
Move on, either to Macintosh or Linux or QNX or BSD or Novell there are many choice. There will be some up front costs, but even without the viruses and worms these upfront costs will be offset by the number of maintenance hours saved.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
It's a good point. There are sufficient users of Windows who don't seem to make the connection between Windows vulnerabilities and Microsoft: that is, they feel threatened/upset/whatever by the virus, but then the next computer they buy is still running Windows!
This is why Microsoft's trusted computing has the potential to do exactly what you suggest. If a no-brainer user reads Microsoft PR nonsense about how safe their computer will be with Palladium, they'll buy it, without considering the fact that Microsoft are also the people who've been leaving holes in their systems for years.
I did the Windows Update thing as soon as I installed XP Pro. Then the Windows File Search stopped working, Yahoo Messenger stopped working, and Windows Media Player wouldn't start at all. The fix was to re-install XP. Maybe that's why some people haven't/don't/won't use(d) Windows Update. The File Search issue is a known problem, according to Windows Annoyances, but I've never seen a mention of exactly which patch _breaks_ which other piece of the system!
I mod down all the "free iPod"-sig losers.
I have a friend the the GSA, and I told him this was going to be comming last thurs. He told his bosses, the told him, "We could get most of them upgraded, but it would be a lot of work. F*ck it" Needless to say most of there office went down, as did many of the gov't key GSA databases. It's not really funny, but....Ha Ha.
I know /. is the place to bash the microsofties, but don't let it get to your head. Remember, anything with the name Microsoft gets instant press, outside the techies the public thinks "apache" is the old movie name for a First Nations tribe.
.exe. Even then you get guys like this story highlights:
I regularly do security audits of all kinds of systems. When I walk in to a microsoft shop I can immediately tell how it goes. If the sysop says "I don't trust the patches, I test them, but they're not deployed unless there's a REAL problem" It won't go well, those guys usually don't update virus files either. On the other hand if the sysop is using patch management practices he can often go out in real time and check the current status of a server, workstation, and active version of the virus definition file in realtime (they usually have good WRITTEN policies on unauthorized (untested) soft/hardware with sanctioned backup). I haven't found malware in any of the latter cases.
I've yet to find a good *.nix shop. They often have good processes and procedures that SHOULD avoid problems, but the truth is it's easier to sign a piece of paper that says sourcecode was patched and applied than to actually do it. Things look great on paper. Check the source or decompile sendmail (one of my favorite targets) and it's another story. I'm still finding the same hole T.Morris used years ago on active servers. The excuse is always the same, "that was the way it came, shouldn't that have been fixed in the distro by now?" (i.e. too lazy to look, just signed the paper). Many don't even check SANS or CERT regularly. At least windows will notify you when critical updates are available, and all you have to do to apply it is run the
"I'm unaware of the [Microsoft] patch being available," said David Hugel, the deputy chief administrator of the MVA. "I've talked to our IT people and we weekly update the virus protection we do have, and this just happened to fall between those points when we had updated it and we didn't have the [new] update available yet."
(How did this guy get his position or experience? Even "end-users" successfully use critical update with relatively NO technical experience or fiscal responsibility.)
Any sysadmin that can't keep a system patched, or falsifies patch records should be punished up to and including dismissal as far as I'm concerned.
Incidently, just so you know my audit document is the CERT advisories on securing systems. If you want a great basic book try OReillys "Practical Unix and Internet Security"
Has anyone figured out yet that as far as I'm concerned the problem is NOT theoretical design differences in OSs as much as the incompetance of the people running them?
It doesn't matter what you wrap your emotions around, Reality is a brick wall specifically designed to scramble eggs