Slashdot Mirror


Worm vs. Worm Battle Slows Networks

joel_archer writes "According to this article at the DrudgeReport, a worm, apparently designed to patch MSBlaster infected Win2K and XP machines, brings various Canadian networks to a crawl. Hardest hit was the 411 system, Air Canada, and Ontario hydro electric operations. Apparently this is causing more problems than MSBlaster itself."

9 of 559 comments

  1. Comment removed by account_deleted · · Score: 5, Insightful

    Comment removed based on user account deletion

  2. Re:This is exactly why by admbws · · Score: 5, Insightful

    It's a case of a lesser of two evils. The problem is, there are thousands of exploitable boxes and if nothing is done about it, in the long term, this is going to cause some serious problems. Many of the owners of these systems will never fix or patch them themselves.

    It's really a toss-up between a worm that temporarily slows down networks by spreading and patching the systems it infects, then automatically deleting itself after a set date, or a script kiddie scanning the entire internet, picking up these boxes and adding them to his DDoS network, which can slow down all or any network(s) (root DNS servers, anyone?) he or she chooses at a later date.

    It is for this reason, IMHO, that these exploitable boxes are a threat to the integrity of the internet, and while writing a worm to automatically patch the systems might be rather militant, something has to be done about it.

  3. Re:Hm... by zcat_NZ · · Score: 5, Insightful

    Personally, I'd have written a worm that enables automatic updates and XP's inbuilt firewall. If windowsupdate can't handle the load perhaps they shouldn't have designed it in a way that -purposely breaks- normal web caching.

    The current round of worms are clumsy and unimaginative. I think it's only a matter of time before we see a worm that does some -real- damage.

    --
    455fe10422ca29c4933f95052b792ab2

  4. Re:Ultimately... by Tim+C · · Score: 5, Insightful

    Many ISPs already filter the standard Windows NetBIOS ports (137-139, I think) because of possible attacks.

    I see that as a good thing. What possible reason is there to have file and printer sharing open to the internet?

    True, it shouldn't be the responsibility of the ISP, and no, I'm not exactly happy with the thought of port filtering becoming commonplace and extending to other ports (ftp, ssh, http, etc - after all, "it's a home connection, you shouldn't be running servers..."). As an interim measure, though, it at least does help to contain the problem.

    If people don't start taking their own computer's security seriously

    I think you have that wrong. People do take their computer's security seriously, they just don't know enough about it. They also, largely, expect to be able to just switch their computer on, and have it work, like everything else they use. TV, video, dvd, microwave, car, central heating - they're all made, installed or set up once, and then just work. If they break down, they're replaced, or a qualified engineer is called to fix them.

    People aren't yet used to the idea that computers don't quite act like that. You and I may have been working closely with them for years, but most "ordinary" people haven't. So, they expect them to require the same amount of effort as everything else they use.

    I think that PC manufacturers could go a long way to helping here - shipping with firewalls and virus scanners preinstalled and configured. Perhaps have a couple of big, impossible to miss buttons on the desktop - "click here if this machine is connecting directly to the internet", "click here if this machine will not connect to the internet, or will connect via another machine on the network", "click here if you don't know what that means", that configures the machine appropriately for its role. That way, the gateway can be secured, while the rest of the network can share files and printers. No, that's not a foolproof plan, but I think it would go a long way to helping solve the problem.

    Don't just bitch and moan at the "clueless, irresponsible" users - teach them to know better, and help them while they're learning.

  5. Re:Ultimately... by iamacat · · Score: 5, Insightful

    Surely operating systems should be very secure by default, as in not accepting ANY incoming connections, no ActiveX, no executable e-mail attachments. One shouldn't have to install security patches every week just to read e-mail and browse the web.

    What we have here is one company's lack of responsibility and desire to make a quick buck without working on software quality. It's so fortunate they don't make cars.

  6. Re:Oh FFS! by cbdavis · · Score: 5, Insightful

    We got this crap at work. Firewalls didn't help because someone in the office took his notebook home, got infected and then brought notebook into work. Silent infection. You can build multiple firewalls but it is worth nothing if your users don't protect their networks at home.

  7. Re:But, but, but.. by FuegoFuerte · · Score: 5, Insightful

    From what I've read, this worm actually does use the same vulnerability. And why block port 135 completely? Doing that risks breaking ish. Breaking ish isn't a good thing. No, here's what a better worm would've done:

    1) Once on a box, clean and patch said box.
    2) Sit and listen to port 135, waiting for Blaster to rear its ugly pulsing-zit-like head.
    3) In response to Blaster probe, install itself on Blaster-infested machine and start over at 1).
    4) On some set date in future, or when number of Blaster-probes remains 0 for a predetermined time (say 1 month), remove itself from system.

    By only loading itself onto machines which first probe it (trying to spread Blaster), it completely eliminates the stupid network scans. In that way, it only attempts contact with machines which have shown themselves to be Blaster-infested, while leaving the rest of the internet alone.

  8. Re:Windows servers by JTunny · · Score: 5, Insightful

    In my hiatus from technical employment (over now after 18 long months) amongst other things I've worked as a baggage handler.

    The clients for the baggage reconciliation system (BRS - ensures bags travel if and only if the passenger gets on the plane, implemented after Lockerbie) run on Windows 3.1!!!

    First thing I thought is, what happens if someone wiretaps the network cable? I'd guess it wasn't encrypted, or if it is, it's a 10 yr old technology. How long would it take to crack it, learn protocols and be able to wreak havoc?

    Must be archaic/vulnerable systems like that in key installations everywhere. Scary to think.

  9. Re:Windows servers by dukerobillard · · Score: 5, Insightful

    How about this one: The Canadian government's Office Of Critical Infrastructure Protection and Emergency Preparedness runs IIS.

    It's just their website, dude. It's not some mission-critical thing.

    This is like a fire station which keeps the bin full of oily rags next to the Captain's personal collection of matchbooks from world-famous hotels.

    No, it's as if a fire station's PR firm had the oily rags and matches. Well, if fire stations had PR firms, I mean.