Slashdot Mirror


New Microsoft Worm Coming Soon?

Seft sent in a solid article running on the BBC discussing the next potential worm explosion on the heels of a recent Security Bulletin from Microsoft. The article is a somewhat general topic piece on worms in general.

10 of 497 comments

  1. Re:Where's the update? by jhoffoss · · Score: 4, Informative
    TechNet article: here.

    Patch: here. (For XP...this and the rest of the patches are also linked on the above page.)

    Scan tool: here.

    --
    Linux: The world's best text-adventure game.
  2. ..and here's the exploit. by bernz · · Score: 5, Informative
    just to help things along, here's the exploit that the worm will use.

    http://www.k-otik.com/exploits/09.16.MS03-039-ex p. c.php



    i'd post the code, but /. won't let me.

  3. Just bad, sensationalist piece of news. by Anonymous Coward · · Score: 1, Informative

    A Chinese RESEARCH group did post an exploit for that particular vulnerability on their web site. Anyone can download it and the site is quite well known. There is no conspiracy or secret war going on.

    iDefense is a firm known for their lack of expertise and that actually pays independent researchers (aka penniless ppl) a misery to get their hands on new vulnerabilities and exploit code - all fair until you realise that most of these payments are in the $50 region.

    This reminds me of the news of the asteroid and the craze around it crashing on Earth - the scientists were not happy.

    P.S. No. I'm not Chinese.

  4. Re:MS Security bulletin? What about... by mph · · Score: 5, Informative
    What am I missing?
    Buffer Overflow in Sendmail
    New ssh Exploit in the Wild

    The problem seems to be that you're running late, not slashdot. The above stories were each posted the day before you claim that the vulnerabilities were discovered.

  5. Re:This is but one of two by pe1chl · · Score: 4, Informative

    Tonight 3 of these arrived here. It is an e-mail message that contains a .exe attachment that promises to be "the latest version of security update, the
    "September 2003, Cumulative Patch" update which fixes
    all known security vulnerabilities affecting
    MS Internet Explorer, MS Outlook and MS Outlook Express
    as well as three newly discovered vulnerabilities."

    Apparently lots of people just doubleclick it.

  6. Re:I think there's already something new going aro by ncc74656 · · Score: 4, Informative
    NAI has new defs that cover it now, and I assume all the others do too.

    Just checked with Symantec...while the updated defs aren't available through LiveUpdate, they are available by downloading the Intelligent Updater. How smart of them...instead of sending out a couple hundred K, they force people to download 4 megs each until next Wednesday. It's their bandwidth, I suppose...

    (I reran NAV after getting today's defs...it identified the file as containing Worm.Automat.AHB. SARC says nothing informative about it, but F-Secure says the following:

    There is no virus known to us by this name. However, Norton Anti-Virus uses names like W97M.Automat.A to name viruses which have been detected automatically.

    Another 5-10 copies arrived since my last post...busy little fscker, isn't it? Rabbits don't breed this rapidly.

    --
    20 January 2017: the End of an Error.
  7. Re:HIV by Daniel+Phillips · · Score: 3, Informative

    Anti-virus companies would have updated virus defs out there within a day or two of distribution and a lot of people would become disinfected before the symptoms kicked in.

    You can't count on this any more, since the technique of downloading the actual rootkit from the web became popular. Virus companies can't possibly know every trojan that can be posted to a random web page and downloaded by the worm. Hence, "disinfecting" is going to become a more and more dubious proposition over time.

    Proper cleanup requires a full system reinstall, complete with all applications and utilities. Get too lazy to do that, and you're going to find out what a really subtle trojan can do.

    --
    Have you got your LWN subscription yet?
  8. Re:Ironic by Keeper · · Score: 2, Informative

    That would be because the Win9x codebase doesn't have DCOM ...

  9. Re:The thing is... by whereiswaldo · · Score: 2, Informative

    You are thinking of service packs. Patches don't have EULAs. And if you are that paranoid you should switch to Linux and stop bitching.

    Service Packs and Patches are the same thing: They provide updates to your software. Microsoft can call them whatever they want. They will always be patches.

    To your last comment: I have switched, almost at 100% now with that as my goal.

  10. Re:HIV by Anonymous Coward · · Score: 1, Informative

    Anti-virus companies would have updated virus defs out there within a day or two of distribution

    Not if they don't know it exists. Duh. That's what the OP was talking about when they said "It slowly multiplies over a long period of time before causing symptoms."

    "No symptoms" means no one knows it exists, and no one makes AV software detect/remove it.