"Witty" Worm Wrecks Computers
An anonymous reader writes "A new Internet worm wriggled across the entire Internet in the span of a few hours Saturday morning to all computers running several recent versions of firewall software from Internet Security Systems, including BlackICE and RealSecure, according to this story at Washingtonpost.com. The flaw that Witty exploited was discovered Wednesday by eEye Digital Security. The worm overwrites data on the first few sectors of the victim's hard drive, making the machine virtually unbootable and potentially destroying much - if not all - of the victim's data." Update: 03/21 02:18 GMT by T : Reader Jeff Horning points out that eEye actually discovered the worm on the 8th of March, and came up with a fix the next day.
Although they ain't perfect, at least they're not running on your computer. Yikes.
How can we blame M$ for this?
Insert "witty" first post comment
At least a patch was available before the worm hit.
Ouch. Is the company liable for the backdoor used?
Glad to see viruses doing some real damage now, I'm tired of these stupid viruses that just send out emails.. how weak, if we had more viruses that would wipe out entire systems then there would be some more pressure on software companies to fix things
It's a shame when the very piece of software you set up to protect your system turns out to be your system's destruction :(
That's not Bill Gates' fault.
I'm waiting for the plague of locusts...
Worms and Viruses caused DATA LOSS!
It's nice to see a worm that actually damages your disk once again. Perhaps people will begin to see them as more than a nuisance.
I mean seriously, who ever thought it was a good idea to run a firewall on the actual computer connected to the net? I mean you can buy an appliance router/firewall that is GOOD for what, 29 bucks, that's what I just paid for my Netgear wireless router. I have never understood why you would want to run the firewall on the actual connected system. Guess they can't say it's better than running nothing anymore.
Do you really expect us to believe more than ten people worldwide run Windows on their firewalls? ;-)
Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
FUCK!
I just now (10 min ago) plugged my laptop into my brand new DSL modem... Now I have to install the antivirus program before rebooting... Shit shit shit...
I propose we introduce the death penalty on the sick motherfucker who wrote this fucking piece of shit virus. FUCK!
(And no, I haven't watched any Tarantino films lately)
"Why Subscribe?" Good question...
"All computers", you sure?
Don'tcha mean "Windows computers"?
Me and my Quantian box are browsing safely and recklessly.
On a less triumphant note, I'll eventually get called to fix Windows machines that suffer from that worm. How can you recover someone's data from an unbootable HD?
So who is responsible? Is it the MSFT developers for making the exploit, or is it the hard drive manufacturers for making those sectors readable?
Most infected computers will have to be rebuilt from scratch unless their owners instead decide to buy new ones
I didn't know worms were so powerful now that they could melt a computer into a pile of toxic sludge. : /
-Colin
OS bugs are bad enough, but this flaw is totally confined to the very code that was purposely added to protect you. I had a few customers on this product, but got all of them behind cheapo linksys routers long ago. Someone is surely going to get sued over this.
Seriously, I was working on removing blaster from my friends computer less than an hour ago.
I don't get this shit on my computer because I use a firewall and PC-Cillin updates daily. It's a shame because as linux becomes popular, viruses will exist for it too. True, they may not exploit holes known publicly for months, but they'll still exist.
"FGTRGDI" (Feels good to run GNU/Linux, doesn't it?)
More cryptic acronyms to the people!
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
Now that you've got yourself a computer system at home, you'll want to protect it from the evils of the Internet. Because Operating Systems are chock full of holes just waiting to be exploited, you should, at a minimum, take the following steps... Step 1. Go out and buy a firewall product for your machine. Also pick up some virus protection software. Step 2. Ok, now install the firewall software... Oh......Damn It!
First, the speed at which the exploit was translated from advisory to a malicious worm.. Second, this is one of the few old-school "do as much damage as you can" worms. At least it makes a change from the monotony of the mass mailing attachment exploit variety of viruses..Not a welcome change for the people who got hit by it of course :(
By the way, in case you get prompted for registration and your principles don't allow you to give out your email address, use Bugme Not to find a login. Click here
How would overwriting the first few sectors result in loss of all data? Wouldn't that just overwrite the boot sector only? Can't you still retrieve your data?
Sivaram Velauthapillai
Seeking the meaning of life... @slashdot of all places
Now, every windows user aware of this will believe a firewall is a great danger for his computer.
Oh... After all, what will it change ?
If the only thing this does is wipe out the hard drive, how does it spread to other systems? Is there a dormant version of this, or does it postpone doing the damage for a certain number of hours? The articles didn't explain.
"With all these hard drive problems, the infection rates are going to shrink pretty quickly as all these affected machines grind themselves to a halt," Stewart said.
Well thanks Stewart. I'm glad to know I won't have to worry about the infection rate of AIDS once most people have AIDS.
-Colin
From LURHQ
"This worm has been found to be highly malicious, slowly destroying the systems it infects. Because of this activity, at some point this worm will cease to exist - unfortunately it will take all the affected systems with it. Rather than simply executing a "format C:" or similar destructive command, the worm slowly corrupts the filesystem while it continues to spread."
Like many biological viruses it slowly erodes the health of its host, permitting the host to go on infecting new hosts for some time. How long exactly appears to be unpredictable.
It doesn't kill its host outright immediately and it doesn't allow its host to continue indefinitely. It's like a true disease, a terminal illness for computers (pun not intended).
I think this will be with us for a while, particularly when mutations start showing up.
In the free world the media isn't government run; the government is media run.
Stanford's week just got a bit tougher, I'm afraid.
That's not a real robot move!
"All computers", you sure?
Well, any computer running BlackICE under Linux is screwed too, though for different reasons.
The ______ Agenda
It's a weekend, why should they care about putting out their timely alerts, eh?
"Officials at the Department of Homeland Security, which is in charge of the government's cybersecurity efforts, were unavailable for comment."
Several months ago, Microsoft CHKDSK effectively destroyed one of my NTFS partitions -- it managed to screw up $MFT (which points to the location of the Master File Table) and the copy of $MFT within $MFTMirr (which is supposed to be used if $MFT is broken). Anyway, long story short, I spent a couple weeks staring at hex dumps and printouts of the Linux-NTFS project's NTFS documentation. After consuming inordinate amounts of caffeine, I came up with SalvageNTFS, an open-source NTFS data recovery tool that got back all the data I wanted. Assuming the physical media is intact (as in, all read requests to the disk are successful), SalvageNTFS can retrieve data if there is even a single record of the MFT intact.
If the first few sectors of the disk are overwritten, you'll lose the MBR, the partition table, and maybe the boot sector of your first partition. However, the filesystem of that partition is likely to be largely or completely intact. Think: in a few weeks with no prior knowledge of NTFS internals, I created a tool that can continue to operate in this environment. I'd hardly call that a "total mess".
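The recovery argument in the comment above can be shown with a short scanner that finds NTFS volumes after the MBR, the partition table and the first boot sector are gone, using the backup boot sector NTFS keeps in the last sector of the partition and confirming each candidate by the "FILE" signature at the MFT location. This is an added example, not SalvageNTFS code or anything from the original post; the function names are hypothetical, the disk image is constructed in memory, and 512-byte disk sectors are assumed.

```python
import struct

SECTOR = 512               # assumption: 512-byte disk sectors
NTFS_OEM = b"NTFS    "     # OEM ID at offset 3 of an NTFS boot sector


def parse_ntfs_boot(sec):
    """Return the BPB fields if `sec` looks like an NTFS boot sector, else None."""
    if len(sec) < SECTOR or sec[3:11] != NTFS_OEM or sec[510:512] != b"\x55\xaa":
        return None
    bps, spc = struct.unpack_from("<HB", sec, 0x0B)
    total, mft_lcn, mirr_lcn = struct.unpack_from("<QQQ", sec, 0x28)
    if bps not in (512, 1024, 2048, 4096) or spc == 0 or spc & (spc - 1) or total == 0:
        return None
    return {"bytes_per_sector": bps, "sectors_per_cluster": spc,
            "total_sectors": total, "mft_lcn": mft_lcn, "mftmirr_lcn": mirr_lcn}


def mft_present(image, start_lba, bpb):
    """True if the first MFT record sits where this BPB says, for this start LBA."""
    cluster = bpb["sectors_per_cluster"] * bpb["bytes_per_sector"]
    off = start_lba * SECTOR + bpb["mft_lcn"] * cluster
    return image[off:off + 4] == b"FILE"


def find_ntfs_volumes(image):
    """Scan every sector; each boot-sector hit is tested as primary and as backup."""
    hits = {}
    for lba in range(len(image) // SECTOR):
        bpb = parse_ntfs_boot(image[lba * SECTOR:(lba + 1) * SECTOR])
        if bpb:
            hits[lba] = bpb
    found = {}
    for lba, bpb in hits.items():
        # The backup copy lives one volume-length after the volume start.
        span = bpb["total_sectors"] * bpb["bytes_per_sector"] // SECTOR
        for start, role in ((lba, "primary"), (lba - span, "backup")):
            if start >= 0 and mft_present(image, start, bpb):
                vol = found.setdefault(
                    start, {"start_lba": start, "sectors": span + 1, "evidence": []})
                vol["evidence"].append(role)
    return [found[s] for s in sorted(found)]


def make_boot_sector(total_sectors, mft_lcn, spc=8):
    """Constructed minimal boot sector: only the fields the scanner reads."""
    sec = bytearray(SECTOR)
    sec[0:3] = b"\xeb\x52\x90"
    sec[3:11] = NTFS_OEM
    struct.pack_into("<HB", sec, 0x0B, SECTOR, spc)
    struct.pack_into("<QQQ", sec, 0x28, total_sectors, mft_lcn, mft_lcn + 1)
    sec[510:512] = b"\x55\xaa"
    return bytes(sec)


def build_constructed_image():
    """4 MiB constructed image: two volumes, then the first 128 sectors clobbered."""
    image = bytearray(8192 * SECTOR)
    for start, total, mft_lcn in ((63, 2000, 16), (4096, 3000, 16)):
        boot = make_boot_sector(total, mft_lcn)
        image[start * SECTOR:(start + 1) * SECTOR] = boot                   # primary
        image[(start + total) * SECTOR:(start + total + 1) * SECTOR] = boot  # backup
        mft = start * SECTOR + mft_lcn * 8 * SECTOR
        image[mft:mft + 4] = b"FILE"
    # Damage: MBR, partition table and the first volume's boot sector are lost.
    image[0:128 * SECTOR] = b"\xcc" * (128 * SECTOR)
    return bytes(image)


if __name__ == "__main__":
    for vol in find_ntfs_volumes(build_constructed_image()):
        print(vol)
```

The first volume is recovered from its backup boot sector alone; the start LBA and sector count it yields are what a rebuilt partition table entry needs.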
Newspapers, magazines, letters, and stamps.
How 1980s. Yikes.
My father is a blogger.
This infection started as early as 9:00pm central time.
Allow me to alliterate:
Witty Worm Wrecks Windows
-Colin
Why does Windows allow writing to a part of the hard drive that would permanently corrupt it?
Or are they just blowing the whole story out of proportion when it in fact just erases your boot sector?
well, you did ask....:
'FRTBRaBDI'
=Feels Righteous to be running a BSD, Doesn't it=
'FRGTBUABMSDI'
=Feels real good to be using anything but MS, doesn't it= (ok, this one's a bit much, I think...)
'IARGFTNHTWAVAWSMIT'
=It's a real good feeling to not have to worry about viruses and worms so much, Isn't it?=
'NIKWIUU!'
=Now I know why I use Unix!=
'W!IHTIUAM!'
=Wow! I'm happy that I use a MAC!=
--- ok, that's enough, need more beer.
have fun!
Sometimes people just have to learn and adapt to change, it is one of the requirements of being a living thing.
IPCop for a router/firewall, then Kerio Personal Firewall on each Windows machine.
I'd advise anyone who depends on any kind of software firewall to go out and buy some sort of hardware firewall.
I recommend Linksys
Those who depend on Windows Firewalling should beware also.. in fact I'm surprised it wasn't that firewall that was exploited in the first place.
Hey, serves these folks right! I mean who'd be stupid enough to have a Windows machine on the internet without any kind of firewa...
err, never mind.
Installed a snort rule this morning using:
alert udp any 4000:5000 -> any any (msg:"Witty Initial Traffic"; content:"|29202020202020696e73657274207769747479206d6573736167652068657265|"; rev:1;)
Found via http://isc.incidents.org/diary.html?date=2004-03-20.
After running it for about 10 minutes and seeing 1,000's of matches, I decided it was better to delete the rule since it was logging to a MySQL database for fear of overloading the disk, and go back to bed.
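The flood described in the comment above is what per-source alert limiting is for: the same signature and source-port test as the quoted Snort rule, but only one stored alert per source per time window, with the rest merely counted. This is an added example, not part of the original post; `Datagram`, `LimitedAlerter` and the 60-second window are hypothetical, and the traffic is constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Content bytes from the quoted rule: ")      insert witty message here"
WITTY_CONTENT = bytes.fromhex(
    "29202020202020696e73657274207769747479206d6573736167652068657265")
SRC_PORTS = range(4000, 5001)   # rule header: udp any 4000:5000 -> any any


@dataclass
class Datagram:
    ts: float        # capture time in seconds
    src_ip: str
    src_port: int
    payload: bytes


def matches_rule(d):
    """Same test as the rule: UDP source port in range and content present."""
    return d.src_port in SRC_PORTS and WITTY_CONTENT in d.payload


class LimitedAlerter:
    """Store one alert per source per window; count the rest instead of logging."""

    def __init__(self, window=60.0):
        self.window = window
        self._window_start = {}             # src_ip -> ts of last stored alert
        self.alerts = []                    # what would reach the database
        self.suppressed = defaultdict(int)  # src_ip -> matches not stored

    def observe(self, d):
        if not matches_rule(d):
            return False
        start = self._window_start.get(d.src_ip)
        if start is None or d.ts - start >= self.window:
            self._window_start[d.src_ip] = d.ts
            self.alerts.append((d.ts, d.src_ip))
            return True
        self.suppressed[d.src_ip] += 1
        return False


def constructed_traffic():
    """Constructed sample: one noisy source, one quiet source, two non-matches."""
    body = b"\x00" * 40 + WITTY_CONTENT + b"\x00" * 40   # filler, not worm code
    pkts = [Datagram(i * 0.01, "192.0.2.10", 4000, body) for i in range(1000)]
    pkts.append(Datagram(5.0, "198.51.100.7", 4000, body))
    pkts.append(Datagram(70.0, "192.0.2.10", 4000, body))   # new window
    pkts.append(Datagram(6.0, "203.0.113.5", 4000, b"ordinary udp payload"))
    pkts.append(Datagram(6.5, "203.0.113.5", 53, body))     # port outside range
    return sorted(pkts, key=lambda d: d.ts)


def replay(datagrams, window=60.0):
    """Return how many datagrams matched and how many alerts were stored."""
    alerter = LimitedAlerter(window)
    for d in datagrams:
        alerter.observe(d)
    return {
        "matches": sum(1 for d in datagrams if matches_rule(d)),
        "stored": len(alerter.alerts),
        "suppressed": sum(alerter.suppressed.values()),
    }


if __name__ == "__main__":
    print(replay(constructed_traffic()))
```

Snort's own `threshold` rule option with `type limit` applies the same idea inside the sensor, so the rule can stay loaded without filling the alert database.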
You could say this was Microsoft's fault for making a crappy, userless don't-manage-memory-well kernel, for having inadequate file systems that lack permission bits, and the list goes on and on. Why else did the poor suckers have to BUY a third party firewall? Because Microsoft is a toy OS that has no place on the internet, that's why. There are many other good reasons this is Microsoft's fault, I'll leave them to others. That would be funny if it were not true.
you forgot Step 1.5 "buy another Firewall/AV product" and Step 1.75 "Follow 'Scotty's guide to backup systems' "
This is indeed a particularly nasty worm. Several other divisions of my company are battling infections. The master boot record on an infected host is almost certainly destroyed by this little dandy and any host which might have been rebooted before an infection is detected is inoperable. Thankfully it is only the relatively recent versions of the software packages that are affected. The divine combination of wisdom and laziness has found this systems administrator blessedly behind the times. The decision to stop upgrading our ISS tools in favor of a push towards OSS now seems all the more prescient. For those in the community who expect big businesses to flop over to OSS immediately, don't hold your breath. Nothing happens overnight because big business is slow, no matter how fast the company's advert department declares them to be. We've been actively switching systems over to Linux and OSS for two years now, but the average depreciation cycle means that it takes a minimum of 5 years to switch over an environment, and that only if you put a stake in the ground. Realistically it takes 7 to 10 years to switch over an IT environment in a company which judges IT investment solely on Cost Benefit Analysis.
Yeah. Knoppix to the rescue! (Again)
Elitist Mac-Using Fuck, And Proud Of It...
Did I Mention I Never Get Windows Viruses
EMUFAPOIDIMINGWV
It's the catch phrase that's sweeping the nation! Okay, okay, that's "You're Fired" but this one is gonna be hot next year!
RealSecure, indeed.
eEye Digital Security supposedly found the flaw last Wednesday. Did they publish the information last Wednesday after giving Internet Security Systems plenty of time to fix it? Or did they release it without ample time? If the former, how much more liable would ISS be? If the latter, wouldn't that be irresponsible?
Wait, never mind.. The ISS download site says they released the patch on the 9th. So I guess people had about a week to update the firewall?
In times like these, it is helpful to remember that there have always been times like these. - Paul Harvey
Most if not all user agreements for any software, anti-virii, Windows and its related software usually contain:
In no way can you hold us responsible for loss of data, damage to your system bla bla bla.. basically use at your own risk.
I bet this worm was written by a disgruntled network administrator sick of those "I'm being attacked" emails.
Bill Gates will pay you good money if you can write such a thing. Gooooooood Luck. Ha.
> More cryptic acronyms to the people!
That's MCATTP around here, chum.
Sheesh, evil *and* a jerk. -- Jade
but this is inherently why the idea of a firewall LOCAL to the system it is protecting is a ... shall I say "retarded" idea.
A firewall is best a physical device between your network and the "great big intarweb". That way if your firewall IS compromised, you aren't immediately toast.
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
1. Insert 'Witty' Joke here 2. ??? 3. +5 Funny!
Stanford's week just got a bit tougher, I'm afraid.
:)
What are you talking about? Stanford just had their first NCAA Division I wrestling champion in history. (Watch it live on ESPN2, right now.) So what if their basketball team lost? There's more to the world than silly round-ball sports
A computer virus isn't what Google thinks a Witty Worm is (not at all work safe :-) ).
Matthew @ Bytemark Hosting
I told him I would never buy any of their products since I figured they were just as likely to insert their own backdoors in the products due to maturity reasons.
This is just priceless though, I wish that guy a hardy Nelson "har har".
Never overestimate the end user. -jeramy b. smith
They can't respond to their email, because their machines won't boot?
After all, they're all using Windows, right?
This would also be a perfect time to come up with an expression you could actually pronounce...
Surely you could still access the data and copy it onto another hard disk, burn it to CD or copy it to a USB pen by running Knoppix.
The first few sectors of a hard drive (read MBR Boot loaders) aren't very hard to recover. Even if it damaged super important filesystem data a chkdsk -r will fix it up no problem. Where on the hard drive though could you erase to totally scrap a Windows OS?
Now, every windows user aware of this will believe a firewall is a great danger for his computer.
This would provide a nice counter to the current view that having a firewall makes you immune to viruses and worms.
Actually, it's good, in the Darwinian sense. Nondestructive viruses aren't instructive.. People won't change their behaviors if the virus does nothing more than slow them down.
Besides application specific rules which another poster has mentioned, software firewalls also offer better REMOTE address filtering - I've recently been researching this, and few, if any, of the "29 bucks" routers will provide anywhere near the level of control that a software firewall provides. For example, if I wanted to run a development web/database server and I want to restrict access to a handful of IP addresses (yeah, I know, VPN, blah blah blah) there are no other "cheap" options.
Why? The hardware router guys want to push customers requiring this stuff to their professional $200+ lineup.
of the user's data.
-dameron
Back then I think it was called virus dos, a self copying apple dos 3.3 system image that would also slowly eat the file system it copied itself to over time and I think it is one of the original computer worms or viruses. We got it at Devry where I think at the time they also had the black (poison) apple ]['s so I guess it made sense.
According to Symantec's Witty information page, Norton Antivirus can't detect it because it is memory resident only, and never written to disk.
As the story summary states, it "attempts to overwrite 128 sectors in a random location of one of the first eight physical hard drives with data from memory. If the randomly picked physical hard disk does not exist, the worm simply continues." Devastating.
BlackICE patches are available.
This is why I tell people who insist on running windows that they need to get a hardware firewall, or a non-windows machine as a firewall, not a software firewall on windows.
When I hear about these new exploits and the massive chaos that follows, I just smile. I have told all of my friends and family about the price of using Windows, so if they get burned they should have known it was coming. Also since all of my Windows machines are on my internal network shielded by a Slackware box, and the only other machine that connects to the outside directly is an OSX machine.
RTFA. This is not a Windows flaw, but an exploit in those firewalls. Blaming Microsoft for a 3rd party software vendor's fault is rather irrational. And besides how many exploits have been found in let's say bind/sendmail in the past? Personally I've never come across any of those firewalls, and I doubt any of them represents a major part of the personal firewall market.
The average joe isn't going to be monitoring any lists.. they will just ( hopefully ) plug in whatever box that came with their pc.. or at worst, accept defaults on software, which normally is useless..
That's the reality of 90% of the 'home users'.. so a 'free' hardware firewall is the best solution. Since they give away printers, they should be giving away firewalls too.. they are just as cheap. ( though, yes I realize that they make their money via ink carts.. but you get my point )
---- Booth was a patriot ----
Just a few days ago people were commenting, 'it's not like the old days where most virus outbreaks caused damage. Now they just set up spam-bots.. bla bla '
Welp, here's an 'evil' virus/worm for ya.. Hope everyone is feeling better now. ( and it's not attacking an OS but 'security software'.. how lovely.. )
---- Booth was a patriot ----
This is why having a firewall running on the machine(s) it's supposed to protect is idiotic.
When will the Windows world (and, to a lesser extent, the *nix world) wake up and realize that putting all services on a single box is just asking for trouble?
A firewall should be a dedicated, hardened host that is easily rebuilt if compromised. A firewall should not be the only layer of security.
.@.
Actually, pretty easy.
:-)
If you could actually turn off unwanted and insecure services you wouldn't NEED a firewall.
My FreeBSD/Linux based routers serve as firewalls for my Windows boxes. Very easy to turn off everything but ssh.
In Windows you can't even tell what's running let alone shut it off. There are many ports that get attached to every interface and no way to fix it.
The first and only firewall most people need is an OS that doesn't open itself up to the world like a cheap two-bit, umm, door. Or something.
Hey, it's cool, man. I share your pain. But it'll be easier if you just let it out, ya know? :-)
Congrats on the wrestling thing, though.
Oh, yeah - Roll Tide.
That's not a real robot move!
OTOH, if Windows were to ship with a functional firewall (such as IPTables), nobody would ever need the 3rd-party software in the first place.
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
From looking at the disassembly it looks more like it sends 20000 copies of itself to random destinations, then tries to open one of HD0-7, if the open fails it goes back to sending, if it succeeds it overwrites a random 64kB-aligned 64kB chunk of the first 2 GiB with some data, reseeds the prng and goes back to sending, if the open fails it simply loops back to sending another 20k copies.
I'd hardly call 2GiB a few sectors...
True, but then all the companies making firewalls would get the government(s) to declare Microsoft a monopoly preventing them from selling their products. Probably because even if Microsoft were to create an effective firewall, they probably would depend on monopolistic activities to sell their product rather than depend on a superior product--all hypothetical of course.
Our founding fathers removed the guys in charge. Be American. Vote incumbents out.
More cryptic acronyms to the people!
... maybe ... VABULI could work (Viruses Are Bad, Use LInux.)
I don't really think that's an acronym. Google defines it (or rather; finds it defined as:) (n) A word formed by joining the initial letters of a series of words. (Emphasis mine.) Now FGTRGDI doesn't feel or sound like a word to me. It's just an abbreviation. A word should have no more than two consonants in a row, three only as an exception. Anything more than that and it'll only pass as an acronym in the Welsh language. However
Look a monkey!
LRC, the best-read libertarian site on the web
Strongbad is truly awesome ok.
Just finished his 100th e-mail reply in WIDE-O-VISION
http://www.homestarrunner.com/sbemailahundred.html
:P
But on-topic on "the achievement": I'm impressed and hope that he will make a nice bootable floppy for that tool so that I can use it if I need it.
I'm impressed, you just sound jealous
This is the sig that says NI (again)
OTOH, if Windows were to ship with a functional firewall (such as IPTables), nobody would ever need the 3rd-party software in the first place.
And if MS did that, someone would've sued them for monopolising the personal firewall market.
Seems like everyone's written one of these. Here's one a friend of mine wrote.
http://memberwebs.com/nielsen/windows/scrounge/
I am running win xp pro with zone alarm firewall. Twice today I have had a blue screen come up and say that there is a system stop due to a program trying to write to a read only portion of memory. It then says that it is dumping physical memory to disk. After about a minute it reboots and runs fine. Does this sound like the worm in question?
Today's vices may be tomorrow's virtues.
It was a great feeling the other day when the wife was checking Email on her Linux workstation and asked me about a funny attachment she got from one of her girlfriends.
As shitty as MSFT has acted, it's not a bit sad to watch them slide.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
you'll be using both and monitoring both white and blackhat security sites daily
Are you serious? I have a hardware firewall, local firewall and an anti-virus program.
The local progs check for updates. I have better things to do with my life than worry about computer security, unless a virus learns how to overwrite the write-once CDR backups in my fire-safe!
better to turn off services and shut all your ports down. on fedora, that is just about a cinch. assuming you shut down your ntp daemon. just run ntpdate once in a while. and use startx --nolisten tcp. firewall code is just more code running as root that can be exploited!
and guess what windows is doing. yes, rather than turn off the crapware they're putting in a 'personal firewall' in xp. yippppeee.
Till you have to actually get some work done!
Trawling and posting on /. does not constitute work.
Thou dost protest too much, sir troll.
Remember... ZG9uJ3QgZm9yZ2V0IHRvIGRyaW5rIHlvdXIgb3ZhbHRpbmU=
About Internet Security Systems, Inc. Internet Security Systems, Inc. (ISS) is the trusted expert to global enterprises and world governments, providing products and services that protect against Internet threats.
You can't remote root a system with no open ports unless the firewall code itself is compromised.
And _that_ I've never heard of (except in the case of BlackICE and ZoneAlarm)
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
It doesn't just write the MBR. It pushes 64k of data to RANDOM locations on a randomly selected hard-disk. At some point it bombs the MBR, but it bombs other portions of the disks on a machine.
NASTY worm. Definitely old-school in nature- I wondered when someone would get around to making something along these lines.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Linux..
I grew weary of this bullshit about 2 years ago and totally abandoned the norm.
I've had ZERO concern over any of the last two years worth of viruses, worms, trojans, spyware, malware, 1984ware, hackers, crackers, etc, etc..
When someone starts beating on you, you have to be pretty dumb to stand there and let them continue to beat on you. A wise man strikes back.
Fsck that "turn the other cheek" shit..
The worm's functionality is as follows:
1) Generates a random IP address
2) Sends the worm payload
3) Repeats steps 1-2 20,000 times
4) Opens a random PHYSICALDRIVE from 0-7, which allows raw hard disk access
5) Seeks to a random point on the disk
6) Writes 65K of data from the beginning of the vulnerable DLL to the disk
7) Closes the disk
8) Starts the process over from step 1
(emphasis mine)
Well i'm glad this was posted on slashdot even though I had submitted this *hours* before.
I've also updated my blog with all the relevant links and data. The speed of the worm creation is frightening, less than 5 days from the vulnerability announcement to the time that the worm hit the internet. No one can claim this is a spamming effort either since, as noted in other posts here, it is destroying the disks on the machine as well. It's actually like a game of Russian roulette, it targets one of the first 8 disks and if the disk doesn't exist it simply continues its routine of attacking 20,000 random addresses. This is the first worm I can remember that is actually malicious.
Listed on the above blog are the following links:
eEye advisory
ISS advisory
lurhq analysis
SANS diary report
F-Secure writeup
Symantec writeup
Witty Worm Capture 1 and 2 (from dslreports.com)
and the text from SANS capture of the worm.
I've been capturing UDP traffic all day and hope to compile some more interesting information later on.
Don't forget words like "strength" that have four consonants in a row.
But you don't even need to. You don't need your FAT table to access your files. It keeps track of used sectors, but it doesn't keep track of the files.
You can reconstruct the entire FAT table from the directory structures, which are easily found.
So it'll be some hassle to the user, but your data won't be lost if you are willing to go get the right recovery utilities.
Also, you should be running NTFS.
This is a huge hole. It requires no end-user action whatsoever to exploit. The "security" program it attacks is probably running with administrator privileges, even on locked down systems. There's no reason a packet filter should be able to write raw disks. In fact, if it still runs with those privileges, you want to get this "security" product off your system now. This might not be the only hole.
Why don't we all get together and write a
'wittless worm' that repairs the MBR.
Should do it unless the worm does more damage not listed in the article.
"Witty" Worm Wrecks Workstations!
1, 2 and 3 are okay. Subject to each person's experience.
4 is not. Worms and viruses and (to a lesser extent) trojans are NOT distributed equally based upon marketshare.
They propagate because of FLAWS in the SECURITY of the system. And Linux has a better security model than Windows.
Windows has the problems it does because:
#1. Microsoft puts software on the system that was not selected. Microsoft does this for a "user friendly" point. But "user friendly" does not equate to "good security".
#2. Microsoft enables services, by default, that are NOT needed. Again, this is for "user friendly" points. But it is bad for security.
#3. Microsoft made it easy to execute apps, even via email. They're finally learning on this one after wave after wave after wave of email trojans have hit their products. Again, this is from a "user friendly" point.
In order for Linux to have the same problems that Microsoft has, Linux would have to have 51% of the desktop, come installed with the same apps on 90% of those desktops AND have security holes in those apps AND be setup to run as root.
This is NOT just about who has more desktops.
The Knoppix CD will happily boot with a usable Linux and it reads NTFS harddisks.
I'd like to apologise for the poster you're responding to and I'd like to point out that the 99.9% of OTHER Linux users are not starry eyed PFB's trying to cram their particular religion down everyone's throats.
We know Linux needs work before it's ready for prime time, just like we know that there are certain trade-offs between convenience and security.
I do believe that Windows users have gotten a bit of a drop here by Microsoft, but that would be more of a monopoly issue and bad planning (if we had the lead all this time WE would certainly have made some mistakes too).
So keep using your Windows PC in peace. It's got a lot of useful functionality and as a Gnome developer once suggested, the most secure operating system is the one you're comfortable with and can keep updated. As Linux gains marketshare you can bet some vulnerabilities will be found, some we'll expect and some we won't. Maybe you'll find it more appealing after it's had more time to mature. Don't let zealots color your opinions too much, they speak for themselves.
Quack, quack.
...is only possible on a platform that has insecurities in the FIRST place. An OS shouldn't allow the vector, let alone the actual processing of the attack.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Would have been to target every single lawyer's network/pc.
Litigate this BITCH!
At least somebody remembers what virii used to be like...say wait a worm mutating gawt damn minute!!!!!!
Leave me alone you nerdy freak!
-- Jennifer
This is a bad thing? It seems to me this is the best way to get all those spam-proxy infected machines off the net. I'm sure any box hit by this probably also has at least one or two other infections already active.
The 'total' mess is that, by the time the boot sector is overwritten, countless other sections of the drive have had random data written to them. The chances of the virus doing other things to cripple a system before it overwrites the boot sector and partition table is pretty high.
Even if you consider that the size of the MBR/PT is a small fraction of a percent of the size of the critical files that the OS can't live without (loader, kernel, device drivers, registry, etc...) so the worm is 2-3 orders of magnitude more likely to cripple the machine on any given write, there's still a lot of data that can get corrupted without forcing you to do a recovery.
What good is recovering data from a system if you can't be sure if any of the data is any good in the first place?
This isn't quite as bad as a suggestion I remember reading about a while back here on /. where the virus actually understands common document formats (like spreadsheets and DBs) and over time slowly alters the data in them without destroying the structure of the file so that, by the time the virus is known and people find out they have it, all of their data (and if it's been any length of time, their backups) are completely untrustworthy.
my sig's at the bottom of the page.
Like all the other Windows users out there.
Why didn't you just disable, and then uninstall BlackIce?
autopr0n is like, down and stuff.
A computer virus isn't what Google thinks a Witty Worm is (not at all work safe :-) ).
I disagree. Any user that uses either involuntarily feels the same way.
Now I am one for dismissing most things, but really.. someone tell me if it's not a little fishy that the latest worms have been "cleaning up" systems.. welchi.. fixes vulnerabilities.. now this worm basically crashes vulnerable systems forcing the owner to reinstall possibly a "newer" version of OS..
As far as a long term solution, the latest worms actually haven't "compromised" anyone's data.. and the worst they've done is create downtime causing the importance of patching/upgrading to be visible on the executive's agenda.
I've used blackice before, among other personal firewalls.. they all have one thing in common, the simple product is designed with "bells and whistles" that increase the amount of attackable points in the software.. keep it simple..
macs can read hard drives without file allocation tables?! That is impressive.
autopr0n is like, down and stuff.
I am tired of all of this worm crap ... I am just happy to see that someone wrote a worm that is killing infected computers and putting them out of their misery instead of quietly using them to spread their junk forever.
That's one thing I miss about old dos viruses
... they weren't as complex but more of them were fatal.
If there is no physical damage to the hard drive, then there are a number of inexpensive and very useful data recovery tools out there for recovering data from a hard drive. Even if the partitions are blown.
The file system does matter, of course, And I am not up to speed for the various similar tools for *nix file systems (anyone care to jump in on this?)
There is a nice market for people who can do data recovery without needing to open a drive in a clean room, without charging 2000 bucks just to look at it.
Once you have everything recovered to another disk, then you can have fun rebuilding the Partition.
"It is a greater offense to steal men's labor, than their clothes"
For those that know a bit about viruses...
Are there viruses that can run on multiple operating systems? I'm talking about ONE virus that can infect a Windows machine, then propagate onto a linux machine and infect that, and so on. I'm also not talking about Internet Explorer exploits, or user exploit/trojan horse (eg. user clicks on some attached file),etc. I'm talking about an old school virus that can detect what OS is running and then infect it.
Anyone know of such viruses?
Sivaram Velauthapillai
Seeking the meaning of life... @slashdot of all places
Viruses for Linux are not likely to be very damaging. For doing such kind of things (ie. the first blocks of a hard disk), the virus should be based on a remote root exploit, which happens, but is *very* rare. Most exploits are local, so you can't use them if you don't have a ssh account on this computer.
If you have a local root exploit, and a remote user exploit, then you have a remote root exploit.
autopr0n is like, down and stuff.
I wasn't aware that a worm could do that. I know a virus could, but a worm? Nope.
Worms flood, use up resources, crash computer systems, etc. They don't overwrite files. So I believe "Witty" is just another script-kiddie virus. After all... it doesn't take that much knowledge to make Windows unbootable. Just Deltree it with a batch file... =/
"Instant gratification takes too long." - Carrie Fisher
Gee do ya think? Huh, what do ya think?
You guys are fukcing bozos.
Yes, and you have to solve them while thinking in Russian.
In Soviet Russia, Russian thinks in YOU!
All a saturday morning, afternoon, evening and night for isolating and patching that crap. Only one thing's good: switching to pktfilter next week
The Knoppix CD will happily boot with a usable Linux and it reads NTFS harddisks.
Reads. READS.
Yeah, THAT'LL come in REAL FUCKING HANDY.
P.S. - Stop anthropomorphizing operating systems, assclown.
But Witty apparently tries to spread itself 20,000 times, then takes out a hard drive sector, then tries to spread 20,000 more times, in a relatively quick death spiral.
...Nothing interesting here. Just move along...
I'm pretty sure you mean Firefox.
A bit of a drop from Microsoft. Ha! If that's how you describe the porking a big chunk of the computing public has been taking lately, then I want some of the medication you're taking. Pass the bong, dude.
But, yeah, if you want to keep using Windows, have at it. Some people have to use it for work. Just don't try to connect it to my network.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Bless your black flabby little heart. I can slip this onto a Linux rescue CD along with the ntfsresize repartitioning tools and the chntpw Administrator password changer, and have a much more useful tool for saving Windows users machines.
And ye ghods, these freeware tools are better than the huge honking Symantec pieces of spew-ware that want to install hundreds of Megs of worthless manual spew and tools no one ever uses, *on the affected machine before you can use the tools*, rather than allowing you to run basic operations from the CD.
Folks? Let's send this guy something nice for creating this.
Now where have I seen this before? Let me think. What are the distinctive points about Witty's design?
Now where have I seen this before? Oh yes - SQL Slammer/Sapphire.
Witty roots a firewall, it spreads rapidly, it's extremely small and minimalistic (sort of bootsector size) yet still carries a destructive payload... this is not your average 16-year-old, this is one of the old school. Probably in his 30s, it's very probably the same author who wrote Sapphire, and he's probably a pro by now (white-hat? av company? competing firewall?).
Assuming the physical media is intact (as in, all read requests to the disk are successful), SalvageNTFS can retrieve data if there is even a single record of the MFT intact.
My company purchased a product a while back called GetDataBack NTFS and it has worked perfectly. It worked great when I (accidentally) deleted a volume from the W2K Disk Management MMC (whoops). Recovered all the data (since only the partition map was changed). Yes, I did something stupid, but this software saved me hours of recovering from backups.
Thanks. I just forwarded a copy of your post on to a few of my less tech-savvy friends with the title "Witty: Instructions For Manual Removal".
I'm sure they'll be very grateful.
Make a virus which fudges the least significant digits of currency formatted columns in spreadsheets and databases at random. Not often enough to be noticed right away and just a few cents at a time. It will take a while for the errors to be found, they will make it into backup tapes, and before we know it none of the world's accounts add up and it must all be gone over by hand.
Done right, serious economic damage would ensue, maybe even a recession with some luck, and the world just might learn its lesson.
I think this might even be the Right Thing to do in an ends-justifies-the-means sort of way. How much time and money is wasted on MS licenses and dealing with all of the trouble they cause? MS is worth $265B as of today and probably at least that much has been spent dealing with the problems. If the world lost trillions due to this virus it would be regained in savings from getting away from MS in the coming years.
GRC.com was right about BlackICE being lame! (nt)
Yep, just like in nature, a virus that kills its host can't spread as widely.
Where's the virus that syncs up every system clock it encounters to the atomic clock, and then has them all scream bloody murder at the same time at 3am one day?
Instead of just stealing your stuff, they should wait in your house and hack you up with your own kitchen knives when you get home. That would put more pressure on the police to catch them.
Is it stupid in here or is it just me?
Isn't it amazing that according to MS it is absolutely essential to add a browser and a multimedia player to their OS, and these items cannot be removed without damaging the OS. However, truly essential OS addons like a firewall and virus detection somehow never find their way into the OS.
Linux needs to take a lesson here -- before it is too late. The major opensource distros need to get together and back an open source virus detection program and all distros should provide disk space for the distribution of updates. The opensource firewall is already there but it needs to be "dumbed down" and gui'ed.
"Witty" Worm did not destroy your system.
Pete Carr Owner Chatmag.com
Those Linksyses RUN LINUX.
How would that be any better?
The old viruses that could actually destroy a computer were a whole nother beast entirely. A sibling or nephew post mentioned one that would overclock everything from the bios and disable thermal protection, I think that would have to be tailored to a specific motherboard however. How about the ones that would change your display refresh rate to a non supported speed and actually fry your CRT. Not that hardware destruction is a good thing, but maybe it'll get people's attention and make them patch their systems instead of this merely annoying pussy mass mailer crap we have nowadays that people just tend to ignore.
"Sic Semper Tyrannosaurus Rex."
Makes ISS look like idiots, the smug bastards. They act like they created the idea of computer security on the website.
Isn't this the same bunch that pre-release some apache flaws a while back (funded by ms ?)
LOLOLOLOL
I just checked, Norton Pro has a virus definition for this one. Why should norton worry about a worm that only affects the competition??
Isn't the virus just bounced when you are not running any of this ISS software, (making the buffer overflow exploit impossible)???
Anyway, what the hell is "ICQ parsing?"
Hello! I'm a disaster waiting to happen!
Reminds me of the Monkey virus...
It would take the first copy of your file allocation table and store it somewhere else on the disk, and insert its own code there. As long as you booted from there, you got your files. Otherwise...
yours,
kbs
I RUN VMware with XP on my Mandrake box. Should I be worried?
I'm sure those who were around will remember the whole darned internet grinding to a halt when the Morris worm came out in 1988.
Can someone tell me why open systems basically learned their collective lesson on one big event and it never happened again, while Microsoft products get the beatdown at least once every ninety days and nothing changes?
The picture someone else makes to represent what they think is the best method to communicate to someone else what the computer is doing is a pretty sad thing when compared to the results that come from having your very own picture in your head.
You point and click types can whine, but vi
I am very easy to get along with, but I don't have time to waste being nice to people who are being stupid. -Theo
I don't know about these specific products, but what Windows users call a firewall usually also prevents outgoing connections, unless permission for those is granted. This is a sensible thing to do if you install and run software that you don't trust completely. For example, quite a few programs for Windows (including Explorer) have been reported to contain spyware that sends some data to some server. Firewalling outgoing connections helps prevent that.
Of course, security is out of the window[s] when you run software you don't trust - or cannot trust. Unfortunately, this is the common case; no access to the source, inability to comprehend the source, reliance on services (libraries, ...) you can't trust. At the end of the day, even if you have audited each and every piece of code on your system and found them clean, a new vulnerability might arise that you didn't know about (e.g. the implementation is good, but the design has weaknesses). Security is always a matter of more or less, rather than yes or no.
Please correct me if I got my facts wrong.
Here's an idea I read a little while ago - how about a payload that finds any number followed by a dollar sign in outgoing emails, and doubles it; in incoming emails, it divides it by two. Anyone that got the virus would suddenly lose all kinds of business, as their customers would see them submitting huge estimates. And, communications between two infected computers would seem normal, so it could be really slow to detect if everyone in a company got it. Just imagine the chaos...
Lots of similar ideas
You could also create a virus that would have an immediately beneficial impact on the economy - it would just delete any copies of MS powerpoint it finds. Just think, managers would have to start doing work!
What is the robbing of a bank, compared to the founding of a bank? -- Bertolt Brecht
"If you could actually turn off unwanted and insecure services you wouldn't NEED a firewall."
Who says you can't?
Start > Control Panel > Administrative Tools > Services
You can disable just about everything.
"In Windows you can't even tell whats running let alone shut it off. There are many ports that get attached to every interface and no way to fix it."
This is FUD. You *can* tell what's running. You *can* disable everything.
You can't tell whats running? This is very easy, actually. Try this:
To see what ports are currently listening:
netstat -an
To see what services are attached to what process:
tasklist /svc
To stop a process (until next boot):
sc stop _service_name_
To query a state of a process:
sc query _service_name_
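As an added example (not part of the original comment or thread): one way to answer the "which process owns which open port" question raised here is to join the two command outputs by PID. It assumes a Windows version whose netstat accepts the -o switch, with `netstat -ano` and `tasklist /svc /fo csv` saved as text; the sample output, the PIDs and the service name `example_fw_svc` are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_ANO = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING       1480
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1051      203.0.113.7:80         ESTABLISHED     2040
  UDP    0.0.0.0:445            *:*                                    4
  UDP    0.0.0.0:4000           *:*                                    1480
"""

# Constructed sample of `tasklist /svc /fo csv` output; the service name
# "example_fw_svc" is a placeholder, not a real service name.
TASKLIST_SVC_CSV = '''\
"Image Name","PID","Services"
"System","4","N/A"
"svchost.exe","912","RpcSs"
"blackd.exe","1480","example_fw_svc"
"iexplore.exe","2040","N/A"
'''


def parse_tasklist_svc(text):
    """Map PID -> (image name, tuple of hosted services)."""
    owners = {}
    for row in csv.DictReader(io.StringIO(text)):
        services = tuple(
            s.strip() for s in row["Services"].split(",")
            if s.strip() and s.strip() != "N/A"
        )
        owners[int(row["PID"])] = (row["Image Name"], services)
    return owners


def parse_netstat(text):
    """Return (proto, address, port, pid) for sockets that accept traffic.

    TCP rows are kept only in LISTENING state; UDP rows have no state
    column, so every bound UDP socket is kept.
    """
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        if fields[0] == "TCP" and (len(fields) != 5 or fields[3] != "LISTENING"):
            continue
        if fields[0] == "UDP" and len(fields) != 4:
            continue
        # rpartition keeps bracketed IPv6 literals such as [::] intact
        address, _, port = fields[1].rpartition(":")
        sockets.append((fields[0], address, int(port), int(fields[-1])))
    return sockets


def bind_scope(address):
    """Classify how widely a local address exposes the socket."""
    if address in ("0.0.0.0", "[::]"):
        return "all interfaces"
    if address.startswith("127.") or address == "[::1]":
        return "loopback only"
    return "one interface"


def listening_report(netstat_text, tasklist_text):
    """Join both outputs by PID: (proto, port, scope, image, services)."""
    owners = parse_tasklist_svc(tasklist_text)
    report = []
    for proto, address, port, pid in parse_netstat(netstat_text):
        image, services = owners.get(pid, ("<unknown pid %d>" % pid, ()))
        report.append((proto, port, bind_scope(address), image, services))
    return sorted(report, key=lambda r: (r[1], r[0]))


def network_reachable(report):
    """Entries another machine could reach, i.e. not bound to loopback."""
    return [r for r in report if r[2] != "loopback only"]


if __name__ == "__main__":
    for proto, port, scope, image, services in listening_report(
            NETSTAT_ANO, TASKLIST_SVC_CSV):
        svc = ",".join(services) or "-"
        print("%-3s %5d  %-14s  %-12s  %s" % (proto, port, scope, image, svc))
```

Entries whose scope is "all interfaces" are the ones to review first when deciding which services to stop or filter.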
No, you can't. With a lot of services on a modern MS OS, there is a web of complex interdependencies that are difficult to analyze. Maybe for a home environment, turning everything off is OK, but in a networked environment, things that should be separate from each other are entangled. Sometimes there is no immediate adverse effect when you turn off a service, but the system degrades to the point that certain services must be restarted. Microsoft operating systems are one of the finest examples of the second law of thermodynamics the world has ever seen, aside from Kia automobiles perhaps.
"This is a sensible thing to do if you install and run software that you don't trust completely"
Uh, don't. Or use a separate machine for that.
But if you don't have a separate machine, I recommend using vmware for that (a separate virtual machine). Make sure you remove connection to the vmware "network card" so that the machine is isolated. After you're done using the stuff and saved the test results to a shared folder, you can rollback to the pristine test system you had.
Risk: there might still be ways for a hacker to get to the host system from the guest o/s - maybe there are some machine code/bugs etc.
"FGTRGDI" (Feels good to run gnu/linux doesn't it?)
;-)
Mr. Stallman...welcome back to slashdot
"It is seldom that liberty of any kind is lost all at once." -David Hume
Yes, comparing worms and data to burglars and home owners, what a brightspark, I think we either need worms that have the ability to kill users or intruders who trash the house (and shit, that actually happens)
Anyone remember the virus that would run at bootup, and it was blackjack, and you had a 1 in 3 chance of keeping the contents of your hdd?
Can editors be clear in titles of stories; if it's Windows then say it's Windows....or have the Microsoft lawyers got some editorial influence on the postings ?
Apparently the witty virus doesn't really overwrite the first sectors , but this could have value in general:
:)
I once recovered a system from attack of the CIH virus. One thing the virus does is overwrite your harddisk starting from the first sector. It continues until your system crashes. So you lose partition table, MBR and FAT. I used the tool 'cleancih' to reconstruct the data. That machine has been functional since, though it displays a first partition of 1 GB instead of 2GB
That suggests two things:
1. whatever the cause of the destruction, it should be possible to recover the first sectors. I think , the fact that there was more than 1 partition helped.
2. There are some things on my todolist that I never get around to.
Thank you. Most appreciated.
I shall go and tell the indestructible man that someone plans to murder him.
...to a fresh amputation. It is possibly worse than no defense at all. Avoid at all costs. Either Kerio Personal Firewall, ZoneAlarm (at a push, works for me, some users find it doesn't) or Tiny Personal Firewall.
I am NaN
Je fume. Tu fumes. Nous fûmes!
"FGTRGDI" (Feels good to run gnu/linux doesn't it?)
Geeze, dude, isn't it hard to type with RMS's penis that far into your mouth?
> Who says you can't?
> Start > Control Panel > Administrative Tools > Services
> You can disable just about everything.
What happens if you turn off RPC?
After running BlackICE for less than a week, curious to see for myself what it was capable of, I was unlucky enough to get hit with this and lucky enough to kill it after it ran for an hour and half (blackd.exe opened port 4000 locally at 5:17 gmt, Mar.19.) It doesn't appear to have done any damage though, certainly not to my MBR (though if it randomly writes to any sector I don't think there was a chance of this,) but I'm certain it sent more than the 20,000 needed to trigger the junk data being written in the 90 minutes it ran. With no record of the packets it sent, I do have a record of nearly 10,000 angry ICMP responses, the bulk of which are from a single address which first caused me to believe my IP was being spoofed, but I suspect this represents a fraction of the addresses it successfully sent to (locally it attempted to send ~6GB at 10Mb/s.) Up until now I've never felt the need for a hardware router.
Assuming this is one vulnerability, I'd have to also assume that these products share some common code or at least a common library with the vulnerability.
I don't see any discussion as to why several different products share the same vulnerability!
That in itself is a discredit to the value of choosing such products. It looks like they rely on some black box code that these companies do not develop themselves and thus doesn't get the type of code review required in a security product.
I did briefly run Black ICE on a machine designated for firewall/gateway several years ago when routers were more expensive than reusing an old PC. I'd likely not do that again, and I'd certainly never recommend using software firewall for protecting the machine running the firewall software.
Pronounced figetrygidigy...
That has to mean something dirty.
Bot Assisted Blogging
Hymn? ;o)
Syzygy?
Myth?
Slyly?
Crypts?
Nymphs? (My personal favourite
Spry?
Lots of perfectly lovely words have no vowels at all, you insensitive clod.
But wasn't one of the problems with the recent RPC exploits that XP needed to have RPC running for some reason? Sure you can turn stuff off, but will the system continue to function normally otherwise?
It is, in theory possible that you could find a similar exploit for them -- but they do have the advantage of many of the best eyes in the industry looking at them.
In my case, I have a hardware (OK: BSD) firewall, and my Linux boxes behind them run IPTables. My theory is that some people may be able to breach one of the two, but it's unlikely that both will be exploitable at the same time (layered security). I'd suggest the same thing for Windows users... put stuff like BlackICE behind a firewall. Don't trust it as your only security.
Software firewalls will, if nothing else, help you when your roommate's computer(s) swallow a web or email virus which gets past the outside perimeter, while the hardware unit will protect you from most externally sourced issues that don't subvert the firewall.
____
As for the destroyed disks, depending on how much was overwritten, you might be able to recover the secondary FAT table... Just stomp on the trashed data with enough info for dosfsck to not reject the drive as fat32 and then have it recover the secondary FAT data (( I've used this trick to recover a friend's disk that had seen similar breakage about a year ago)).
This does, however presume that you have a Linux boot CD floating around (Knoppix, or a Fedora/RH8 boot disk or any other recent Linux distribution with DOS recovery tools will probably help for people with FAT32 filesystems (( repairing NT is going to be a good bit more work, since the FS is nowhere near as well defined)).
Free Software: Like love, it grows best when given away.
OK.. The common response here is to install a hardware firewall. Most people spout a cost of $29-49 for such a device. That MUST be a cable/DSL router. Some statistics I read recently (sorry, I don't remember source) said that 40-50% of all US households are now on broadband. That means 50-60% are still on dialup. While Cable/DSL routers/firewalls are cheap and easy to come by, what is one supposed to do for clients on dialup? Software firewalls are generally the only option in this case from what I can see. If anyone has a better option, I'd like to know what it is. Hardware dialup firewalls are expensive. Software firewalls are vulnerable and problematic (I've had problems removing some before without trashing the system).
See my blog at Who's Who
Sorry, blackd.exe opened port 4000 at 5:17 gmt Mar.20, not Mar.19.
You jest, but the police won't do shit UNLESS the burglars do the hack + slash routine. Don't ask me how I know that.
"In Windows you can't even tell whats running let alone shut it off. There are many ports that get attached to every interface and no way to fix it."
;-) Doesn't necessarily mean you can switch it off though...
This is FUD. You *can* tell what's running.
Very true. You can run nmap from a Linux box to find out what's running on the Windows machines
Code, Hardware, stuff like that.
The problem is that firewalls have become *massively* oversold to idiots, and the "personal firewall" has seen a surge in interest.
Firewalls have a good, legitimate (if annoying) purpose. They provide a single point to deploy emergency protection -- you can't patch every box in a company in a production environment in a day, with the current state of computers, but you can get at the firewall quickly.
The problem is that, because firewalls are (a) cheap, (b) require only a minimal amount of technical competence to operate, and (c) sound sexy ("*firewall*"), they've become incredibly oversold.
The personal firewall is a terrible example of this. The term "firewall" went around, and in order for people to feel secure and safe, now they have to have a "personal firewall". If you want to secure your own box, the answer is to yank off everything that's sitting there *listening* and waiting for crap to come in and screw it over. Unlike most vendors, Microsoft ships a system that keeps ports open by default and daemons running. And not only did they do that, but they leave gateways into the incredibly complex and undoubtedly difficult-for-developers-to-secure Windows filesharing and IPC mechanisms. Simple things like SSH have had masses of their own problems, but they pale compared to having a Windows box sitting and listening for data out of box. Sure enough, users, unaware of how to disable Microsoft's filesharing system WRT remote access (especially how to do so without breaking functionality) started buying these damned personal firewalls.
Personal firewalls bog down a machine, and make a complex, frequently-modified (and often not frequently updated, since Joe User isn't a rabid security admin) daemon sit and make itself available to exploits.
There's a great, free, high-performance, *almost* foolproof way to secure a system. Turn off the stuff that you don't want being accessed. Barring bugs in TCP stacks (and given the degree of pounding they get, I trust TCP stack code more than most code), you now have a nice, secure system.
I had to deal with someone not long ago who *very* much wanted to set up a firewall in front of a Linux box -- a single machine. It was a server of some importance, but I couldn't help but ask -- why? What possible benefit do you hope to derive from it? On such a server, you *have* to allow in inbound connections (or else you cannot communicate with the outside world) -- and on this box, it was connections to all listening ports. The only thing you can block is things that the TCP stack is going to ignore anyway. And, for that matter, the firewall was running an embedded Linux system. If there was a bug in the Linux TCP stack, that same bug is likely to affect both the firewall and the server.
I've been watching the rise of "personal firewalls" with some irritation, and I hope that the growing number of attacks on firewalls will help bring an end to them. Network-wide firewalls have *some* point -- personal firewalls do not.
May we never see th
This isn't strictly true.
You *can* shut off, I believe, every service that listens on a port in a vanilla Windows box.
However, Windows' netstat lacks the -p flag, for mapping a port to a process.
Windows does provide, out of box, an extremely complex couple of daemons running with full privileges, and listening on ports. While it's not as if this has never been done before (*cough* sendmail *cough*) this is a pretty bad idea. Nasty if a worm slips into your LAN and then spreads around like wildfire.
These services, like filesharing and RPC and whatnot, are important to many users. The problem is that on a secure system, any daemons should provide an absolutely minimal functionality set to any system that has not authenticated itself unless that daemon is specifically designed for anonymous access (like a web server). The more functionality you expose, the more potential vulnerabilities you expose to the world. Microsoft does not provide an easy way (I believe you can pull it off with, say, IPSec, though) to ensure that a connection is from a trusted computer. Compare this to, say, the configuration of a secure modern X11 system. One generally listens only on UNIX-domain sockets (rather than IP) and then tunnels everything through a simple authentication system that doesn't run as root -- ssh. Even that isn't perfect -- openssh has had a security history -- but it's a lot better than letting arbitrary people poke and prod at a vanilla system in all sorts of ways. IP-based blocking (Oh, *that* guy's on the Internet -- I'll ignore packets from him) may not be sufficient with the spread of Mobile IP (and the subsequent inability of people to block spoofed packets).
May we never see th
Chris Rouland was the ringleader of the L.O.D (Legion of Doom) crackers back in the day.
I just switched over to my XP box and typed in "tasklist/svc" and got told it was an unknown command.
So how is the average user to know how to use commands which might not even be present?
Besides, the average user would need someone to kindly explain what a service is and why they would want to look for them. (Or yell at them for not being l337 and call them clueless depending on your inclinations.)
Lost at C:>. Found at C.
Dumb to kill the host quickly when you could be spreading silently for years.
Watch this Heartland Institute video
Probably because a good, oh, 80% of the people that use computers don't know enough to know how to patch the system, or to even know that it should be? About 50%-60% of users have a virus scanner on their system, but the process is pretty arcane to most of them.
These numbers are precisely the reason why viruses and worms exist, you know?
"No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
Everyone tells me it can be done, but show me where on 2000 you can turn off...
445/tcp open microsoft-ds
That gets bound to every interface. With multiple network adapters, you can not tell it to stop binding to one.
IJSCAOMK!
qntm.org
RealSecure? MyISS.
445/tcp open microsoft-ds
That gets bound to every interface. With multiple network adapters, you can not tell it to stop binding to one
I don't have 2k up right now, but I'm pretty sure it's under TCP/IP properties advanced, you can allow or deny access by port, I don't remember if it's by adapter, though.
I had a laptop I was working on for a buddy. The hard drive was not reading, and I was replacing it with a new one. However, before I did the deed, I figured I would see how well Mepis (another Live-CD a la Knoppix) worked on his Dell.
Not only did it boot, detect everything (including battery status and level), but it could read the drive! Apparently, it was defaulting to DMA mode when it booted, but Linux could read it in PIO (fallback from DMA).
So, I (slowly) recovered his data, and then swapped in the right drive. I considered making this my .sig: "Linux, it saves dead hardware!" ...
Who is this Anonymous Coward character, how does he post so much, and why is he always such a whore?
I don't know about the rest of you, but reading about this worm has given me the warm fuzzies (eg, a nice warm, happy feeling). I'm not condoning the behavior or writing viruses in the least, but I do think that it is a natural and expected thing, and an obvious result of MS monoculture.
Hopefully it will bring about change - that's why this makes me happy. Being able to tell someone that a virus was able to destroy their system -because- of their windows software firewall will be pleasurable.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
The worm must have a brother that attacks ZoneAlarm & Norton-protected PCs. My college-student daughter's laptop was bugged by something that rendered it unbootable. Using xp's Recovery Console, I used the fixmbr command, but then couldn't run any software. It also would not boot to any drive other than the HDD. Luckily, it defaulted to the usb floppy when that was hooked up, so I was able to start xp with the boot floppy set, format the drive with the xp cd, then run the system-restore CDs. What fun!
They can defrag but they can't click the windows update Icon. They don't know because they never bothered to learn, why do you suppose that is?
Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
i was wondering what happened to my computer, i was hit with this virus! it sucks my computer shut down then it never came back up i had to reformat my harddrive... what can i do to keep it from happening again?