Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Microsoft Worm Coming Soon?

Posted by CmdrTaco on from the get-ready-for-impact dept.

Seft sent in a solid article running on the BBC discussing the next potential worm explosion on the heels of a recent Security Bulletin from Microsoft. The article is a somewhat general topic piece on worms in general.

14 of 497 comments (clear)

  1. The thing is... by Meat+Blaster · · Score: 3, Insightful
    We've had plenty of warning about this, so it's only the criminally unprepared that will be hit right?

    No excuse on this one. It's not like Blaster happened eons ago, and this is virtually the same type of flaw. Patch your systems.

    1. Re:The thing is... by whereiswaldo · · Score: 3, Insightful


      * Someone mod this guy up - it's no troll.

      I think its a crock of shit that patches to Windoze require you to agree to things that you didn't when you originally bought the operating system. Make it the same as a car recall, where the responsibility and liability falls squarely on Microsoft to fix a defective product at their expense, not ours.

      What you're saying makes complete sense. The fact that it is legal for Microsoft to change the agreement they have with the end user just because the user is trying to keep their system up to date is outrageous.

      I believe a number of the security flaws (including Blaster) can be averted by using firewall software to block all ports except those you need (eg. the RPC port).

      I love it that all the Linux boxes I take care of haven't had a lick of problem since they've been set up. Blaster came and went and they didn't need any updates or reboots. Just glorious.

  2. Great by Anonymous Coward · · Score: 3, Insightful

    So more companys like Air Canada can get hit and blame it on the worm makers, yet never blame it on there stupid IT department that had three weeks to patch the system and never did.

  3. Re:OT: Unofficial Hostility in "Cyber Space" by Anonymous Coward · · Score: 3, Insightful

    Actually Sino-US relations have been constantly improving going all the way back to Nixon. Carter also did a lot to further relations. There are also plenty of US businesses operating in China (some of which have been mentioned on Slashdot in the past).

  4. Re:The Amazing Flying Hackers of China! by caluml · · Score: 5, Insightful
    To be honest, I hope it just trashes boot sectors before writing random crap all over the hard drive. That might actually get the message through. All these soft viruses just make people think of it as an inconvenience. When something bad happens, people might just start sitting up and taking notice.

    Mod me down, troll/flamebait, I know.
    However, mod me up if you feel that this might make people start patching their systems.

    --
    Get your own free personal location tracker
  5. Re:The Amazing Flying Hackers of China! by IM6100 · · Score: 5, Insightful

    A worm/virus that trashes it's host doesn't do a good job of propagating. These sorts of programs can do so at a 'time bomb' setpoint, if the designer feels the virus/worm will have propagated widely by that time, of course.

    --
    A Good Intro to NetBS
  6. Mod the college student down... by toupsie · · Score: 5, Insightful
    Well, if the only thing you are doing is running AIM, IE and Kazaa, I would agree. However if you work in an environment with mission critical apps that cannot fail, you can't just simply "patch your systems". You must test, test and retest.

    Start thinking of us that operate in the real world. Cocky statements like "We've had plenty of warning about this, so it's only the criminally unprepared that will be hit right" sound outright stupid. The patch was released last Wednesday. To coordinate business departments, users and techincal staff along with testing requirements doesn't happen overnight. You do your best to patch as fast as possible and take steps to add a firewall layer but you have to deal with business requirements. Switching from Microsoft won't solve this problem either....OpenSSH anyone?

    However, I don't mind Microsoft security problems, it keeps food on my table.

    --
    Strange women lying in ponds distributing swords is no basis for a system of government.
    1. Re:Mod the college student down... by CausticWindow · · Score: 4, Insightful

      You're right about having to test a lot when applying patches in such an environment.

      However, applying two ten line, plain text, patches on OpenSSH is a slightly more deterministic procedure than installing the lastet five megabyte patch from Microsoft.

      --
      How small a thought it takes to fill a whole life
  7. Re:Products NOT affected... by calethix · · Score: 4, Insightful

    I laughed when I read that

    "However, these products are no longer supported. Users of these products are strongly encouraged to upgrade to later versions."

    Does MS really expect the average Win95/98 user to read that and think 'Oh! I better go out and get me a copy of that Winders XP. It may have viruses and worms but at least I'll be supported.'

  8. Re:OT: Unofficial Hostility in "Cyber Space" by rodgerd · · Score: 4, Insightful

    Other way around, son. US business is so hopelessly dependent on cheap Chinese labour and just in time manufacturing that there'd be chaos if China was embargoed.

  9. Re:Survival for Virus: Don't Kill Your Host by Penguinshit · · Score: 3, Insightful

    I got the Michelangelo virus back in the day: One morning I came into work and there was paint all over my ceiling...

    Anyway, I believe the days of boot sector trashing viruses are over. It's much better to root and take control of a large number of systems than to indiscriminately destroy one or two. Recent discussion regarding the SoBig variants illustrates this point (ie, possible use as a Distributed SPAM engine). There are already numerous viruses out there which allow the perpetrator to orchestrate a massive DDoS.

    The "evolution" of which you speak is merely an evolution of desire and sophistication by the creators of such malware.

    --

    I have something in common with Stephen Hawking...

  10. Re:HIV by Nintendork · · Score: 3, Insightful
    A computer virus could wait several weeks before it nuked the hard drive.

    A virus/worm that did this wouldn't make as big of a splash when the payload executes. Anti-virus companies would have updated virus defs out there within a day or two of distribution and a lot of people would become disinfected before the symptoms kicked in. Plus, the more damaging the payload, the wider the news will reach and people without anti-virus software would use free removal tools.

    -Lucas

  11. Re:OT: Unofficial Hostility in "Cyber Space" by 4of12 · · Score: 5, Insightful

    constantly improving

    Over the long haul, yes.

    But there were some points of tension when the U.S. cruddy intelligence led to the mistaken bombing of the Chinese embassy in Belgrade, and when a U.S. spyplane flying off the coast made an emergency landing on a Chinese island.

    Meanwhile, the government there is learning that it can divert attention from inconvenient issues (like corruption between the military and industry, lack of an open democratic process) by exploiting nationalistic sentiment (We vs They).

    This is in the same grand tradition that is done in the United States and in Russia, so the rest of the world can feel safe knowing that all 3 of the largest nuclear superpowers are populated by emotional peasants.

    --
    "Provided by the management for your protection."
  12. Treason or perjury? by SgtChaireBourne · · Score: 4, Insightful
    This bug came from China, and Microsoft has sent the source code to China ..
    That there is another Microsoft worm this week should come as no surprise. If you recall from the anti-trust trial and the appeal, Jim Allchin pointed out that Microsoft code was so flawed it could not be safely disclosed. It was even claimed that showing the Microsoft source code could damage national security.

    So, was it perjury or treason? You decide.

    Either way it's not a set of ethics that would induce me to resume business with them ... ever.

    --
    Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.