Slashdot Mirror

← Back to Stories (view on slashdot.org)

Worm vs. Worm Battle Slows Networks

Posted by timothy on from the buncha-worms-are-involved dept.

joel_archer writes "According this article at the DrudgeReport, a worm, apparently designed to patch MSBlaster infected Win2K and XP machines, brings various Canadian networks to a crawl. Hardest hit was the 411 system, Air Canada, and Ontario hydro electric operations. Apparently this is causing more problems than MSBlaster itself."

8 of 559 comments (clear)

  1. Re:So? by joeykiller · · Score: 5, Interesting

    Who cares?

    Well, according to an article I read yesterday the MSBlast theory of the power blackout in the US and Canada isn't dead just yet. They don't think MSBlast was the reason of the blackout anymore, but that the worm slowed down and crashed monitoring systems. In that way the worm worsened the problem and didn't stop it where it could have been stopped.

    If this theory is right I guess 50 million americans without power cares whether incompetent admins can't keep their networks up.

  2. Another article... by Dark+Nexus · · Score: 5, Interesting

    The Register also has an article on this.

    Basically the same core facts, but also talks about the ethical issues with "good" worms.

    --
    Dark Nexus
    "Sanity is calming, but madness is more interesting."
  3. Not a good samaritan worm by Anonymous Coward · · Score: 5, Interesting
    If it were a good samaritan worm, why would it exploit the WebDAV hole, too? Fact is, this is a sneaky worm, not a prophylactic.

    It doesn't just kill the other worm. It replaces it. It's several orders of magnitude better at scanning, persists after reboot just like Blaster, and leaves a backdoor open, just like Blaster.

    OTOH, if you set your DNS to spoof "download.microsoft.com" and point it to an unproxied web server which gives it a different executable file instead of the patch it tries to pull, it will run that executable just dandy. Interesting things you can do to a worm-infected system besides patching it and leaving the infection intact are legion.

  4. Why weren't these systems patched? by chill · · Score: 5, Interesting

    Considering the original and first variant of the MSBlaster worm made major headlines, why were these systems still vulnerable?

    Are each of those systems equipped with a 9-volt battery and a cheap Somebody Else's Problem field?

    And don't give me that shit about airline computers having to be 24x7. If that were the case, they wouldn't be running Windows in the first place.

    --
    Learning HOW to think is more important than learning WHAT to think.
  5. Couple of things - train crashes etc. by skinfitz · · Score: 5, Interesting

    Firstly during Code Red it got blamed for Internet slowdown, until someone realised that some major net cables were damaged in a train tunnel fire that later turned out to be the real reason.

    Secondly, lots of people are (hopefully) going to be scrabbling for WindowsUpdate for patches which will also add to the bandwidth being consumed.

  6. Windows Emergency Services by YaiEf · · Score: 5, Interesting

    I served military duty in the Danish Emergency Management Agency and was shocked when I saw they were implementing the entire system for reporting all kinds of disasters and emergencies (everything from tunnel fires to radiation leeks) on Windows 2000. These computers were connected to the net - and knowing the place they would probably never be updated. And even worse - it wasn't even a stripped down Windows 2000 that only ran the necessary services - it was a default (apparently unpatched) installation complete with an autostarting Messenger.

    I'm not all that great on securing Windows boxes - but that sure didn't seem right. Considering this would be the first way (and for something like 5 minutes!) to warn the local emergency services of something - which could very well be a tunnel collapse/fire/whatever where 5 minutes easily can make a lot of difference in human lives. The program that was custom-made for emergency-reporting also seemed of pretty poor quality - most likely a case of lowest bidder with noone competent seeting intelligent rules for the bidders.

  7. 21st century version of CoreWars by DickBreath · · Score: 5, Interesting

    It's the new 21st century version of core wars.

    MS Windows Virus Wars. Comming to a desktop near you. Let the evolution begin.

    --

    I'll see your senator, and I'll raise you two judges.
  8. Re:Windows servers by gristlebud · · Score: 5, Interesting
    Our company borrowed one of those machines from the manufacturer to determine its effectiveness at measuring trace explosives in soil for environmental cleanup.

    Because we wern't a paying customer, we were sent the company's test-mule where all the new developments were tried before going into production.

    The machine used a lightly modified Windows 98 installation as it's OS. Security was non-existant, as any idiot (me) could go in and monkey with passwords, workgroup settings, and file locations. (I did this to get it to talk to our network for backup) I was concerned about this at first, until I realized that these devices

    weren't used with mice or keyboards

    and typically had armed guards nearby who took a dim view of people monkeying with the hardware

    As far as the installation of windows, we used it for 3 months straight, with absolutely no crashes whatsoever. The only time it was rebooted was when it was shut down for the weekends.

    --
    OK...
    I can do this. I am, after all,
    a superhero!