Slashdot Mirror


New Windows Worm on the Loose

Dynamoo writes "The Internet Storm Center has issued a Yellow Alert due to the spread of the Sasser worm exploiting Windows 2000 and XP machines through a documented flaw in the Local Security Authority Subsystem Service (LSASS) as described in Microsoft Bulletin MS04-011. Initial analysis seems to indicate classic Blaster-style worm behaviour. Right now I'm just getting a probe every 10 minutes or so on my firewall, but this is bound to escalate sharply as the pool of infected machines grows. Of course all good Windows-using Slashdotters visit Windows Update regularly and have a firewall, don't you? More information at Computer Associates, F-Secure, Symantec and McAfee."


  1. ah... by Anonymous Coward · · Score: 5, Funny

    the luxury of being behind a nat box with all ports off and not having to deal with such nonsense

    1. Re:ah... by Interruach · · Score: 5, Funny

      ahh, the luxury of the first box after the NAT being a linux proxy server that serves my entire internal network.

      -- I see your nat box and raise you a proxy server.

    2. Re:ah... by Anonymous Coward · · Score: 1, Funny

      must be hard accessing the net what with port 80 turned off eh? :)

    3. Re:ah... by Anonymous Coward · · Score: 1, Funny

      Ha, an IP Masqueraded Linux Firewall beats both (ip 10.0.0.1)! Bow before my geekdom!

    4. Re:ah... by Anonymous Coward · · Score: 1, Funny

      You wish. An OpenBSD box set up as a firewalling bridge between the Internet and the local network kicks all your asses.

    5. Re:ah... by Lord+Kano · · Score: 5, Funny

      Pussies! I'm whistling into a telephone receiver.

      LK

      --
      "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
    6. Re:ah... by Anonymous Coward · · Score: 1, Funny

      Telephone receiver, eh? Sounds like you're the one who is most likely to get a virus out of everyone!

    7. Re:ah... by kasperd · · Score: 3, Funny

      I see your nat box and raise you a proxy server.

      Ha. I have a linux laptop behind a linux iptables NAT box behind another linux iptables NAT box. The NAT boxes are running two different distributions. Beat that if you can.

      --

      Do you care about the security of your wireless mouse?
    8. Re:ah... by jazman_777 · · Score: 3, Funny
      -- I see your nat box and raise you a proxy server.

      You are lucky. I have to use a box of gravel for a firewall.

      --
      Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
    9. Re:ah... by Vancorps · · Score: 2, Funny

      I feel sorry for you if you want to use IPSec

    10. Re:ah... by Sj0 · · Score: 3, Funny

      You sure are!!

      You could be doing SO much more with that much machine -- I mean....It's a PENTIUM 90!! Don't you realize how much power you have right there? It's insanity!

      --
      It's been a long time.
    11. Re:ah... by isorox · · Score: 3, Funny

      Pah! I'm running IP over Avian Carrier!

      My firewall is literally a burning wall, DDOS me and I get a large dinner

    12. Re:ah... by ichandarin · · Score: 2, Funny

      Ha! I'm writing this on my mechanical typewriter that has been broken since 1988!

      --
      For we are like tree trunks in the snow. They seem to lie flat on the surface, and with a small push one should be able to shove them away
    13. Re:ah... by Master+of+Transhuman · · Score: 4, Funny


      I have DOS - which doesn't listen to anything unless you tell it to.

      Beat that.

      (Well, I'm fibbing, I actually run Windows 2000, Windows XP and Red Hat 7.3. But I remember when I used to tell clients at BOFA that modem security was not an issue with DOS since if you weren't running XTalk or something, DOS could care less if the modem was on. Of course, this meant porn took a lot longer to download...)

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
    14. Re:ah... by malarkey · · Score: 2, Funny

      Be careful, you are susceptible to virii too!!!

  2. I Use X Windows by craXORjack · · Score: 5, Funny
    Of course all good Windows-using Slashdotters visit Windows Update regularly and have a firewall, don't you?

    What is this 'Windows Update' of which you speak?

    --
    Liberals call everyone Nazis yet they are the closest thing to it.
    1. Re:I Use X Windows by temojen · · Score: 5, Funny

      I believe it's a cludgey microsoft variant of

      "emerge sync; emerge -uD --fetchonly world; emerge -uD world; etc-update"

      except that it requires you to reboot several times and repeatedly interact with it.

    2. Re:I Use X Windows by squall14716 · · Score: 3, Funny

      Hey! I'm not a zealot, I just have this much time on my hands.

    3. Re:I Use X Windows by temojen · · Score: 2, Funny

      But you can't use your computer while it's going either.

    4. Re:I Use X Windows by gnu-generation-one · · Score: 4, Funny
      "What is this 'Windows Update' of which you speak?"

      Full text, in case of slashdotting:
      " Thank you for your interest in Windows Update

      Windows Update is the online extension of Windows that helps you get the most out of your computer.

      You must be running a Microsoft Windows operating system in order to use Windows Update."
    5. Re:I Use X Windows by Anonymous Coward · · Score: 5, Funny
      You must be running a Microsoft Windows operating system in order to use Windows Update.

      Those monopolistic bastards.

    6. Re:I Use X Windows by brunson · · Score: 5, Funny

      It's kinda like:

      yum --ask-lots-of-useless-questions=yes \
      --reboot-for-no-apparent-reason=alot \
      --resolve-dependencies-without-my-help=no \
      update

      --
      09F911029D74E35BD84156C5635688C0
      Jesus loves you, I think you suck
    7. Re:I Use X Windows by Anonymous Coward · · Score: 3, Funny

      I've been there and done that. Get with the times, BSD has had this for *ages*.

      Windows - Where do you want to go today?
      Linux - Where do you want to go tomorrow?
      BSD - Are you guys coming or what? ;)

    8. Re:I Use X Windows by Anonymous Coward · · Score: 2, Funny

      It updates windows. But you don't have to worry, I've just updated your machine for you.

    9. Re:I Use X Windows by Suidae · · Score: 4, Funny

      Ha, you all suck, I just tell my network admin to update everything so I can get on with the drinking beer and watching porn.

    10. Re:I Use X Windows by sharkey · · Score: 2, Funny

      Too bad I'm too busy drinking beer and watching porn to attend to your request.

      --
      "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
  3. Huh? by grub · · Score: 5, Funny

    A new worm?
    May 01 07:59:49.306654 rule 0/0(match): block in on dc0: xx.xx.xx.xx:xxxx > yy.yy.yy.yy:yyyy: S 2881286568:2881286568(0) win 32640 (DF)
    Oh, there it is.
    --
    Trolling is a art,
  4. ah Nice, more work =) by Quazion · · Score: 5, Funny

    At least for me as the local consumer support guy.

    Thanks Microsoft.

  5. HAHA by D-Cypell · · Score: 5, Funny

    A smile crept across my face after reading this story and then noticing a microsoft ad underneath informing the reader that Windows Server cost of ownership is lower than Linux cost of ownership!

    The ad server must be based on Microsoft's new Irony.NET framework!

    1. Re:HAHA by Anonymous Coward · · Score: 5, Funny

      but the fact is windows server cost of ownership IS lower because you don't need a smart person to run it.

      And that, your honour, concludes my evidence showing why the Internet is such an insecure mess.

  6. stay tuned by Anonymous Coward · · Score: 1, Funny

    Fox News's official death toll caused by this new exploit stands at zero, but that can change any second now. Find out how to save yourself, tonight after the weather...

  7. Visit Windows Update? by Anonymous Coward · · Score: 5, Funny

    No need, I receive all the Windows critical updates by email. I don't know how I got subscribed to that mailing list, but it's damn convenient.

  8. Dang... by kennylives · · Score: 4, Funny

    I have a Mac, you insensitive clod...

    --

    Where the value of X-Mailer: is the true measure of a man...

    1. Re:Dang... by skinfitz · · Score: 4, Funny

      Well look on the bright side - worms and viruses are the only things that you have less of than games.

  9. YA Windows-only software title by Anonymous Coward · · Score: 5, Funny

    In light of this, would someone please explain why I would ever want a Mac? None of the really good viruses or worms are ever ported to it, no matter how successful they are!

  10. Loose not lose by Brian+Dennehy · · Score: 5, Funny

    I'm impressed that they got the headline right!

  11. This is news? by bcmm · · Score: 1, Funny

    Hmm... a new windows worm, exploiting a documented flaw? Never!

    What's new?

    --
    # cat /dev/mem | strings | grep -i llama
    Damn, my RAM is full of llamas.
  12. Help the poor bastards by nazsco · · Score: 5, Funny

    The worm seems to install a ftp server on infected machines. So, wouldn't it be nice to have every box that detects a connection on port 554, reply with an upload of a new wallpaper to the infected windows box with some message like "install a firewall, moron"

    I consider it a public service. Maybe you can even deduct the bandwidth for the upload from your tax.

  13. Days like this... by C0rinthian · · Score: 5, Funny

    I REALLY hate working dial-up tech support.
    (ring)
    sigh....

  14. Windows update freaking out! by nazsco · · Score: 5, Funny

    After reading this on the /. front page, I ran Windows Update, which I hadn't visited for more than a year...

    and after some time, a window pops up with the text:
    "The software you are installing has not passed the Windows Logo testing to verify its compatibility with Windows XP. bla bla bla"
    "This software will *not be installed*. Contact your system administrator."

    Ok, so I contact myself, and wonder what the hell?!?

    I just give M$ a lot of information about the operating system that I'm running... they wrote the frign thing, and even so, they don't know what will run in it, or what will pass their own crap compatibility verification!

    but well, that's it... I just click "OK" --the only button-- and see the same window appear 3 more times... and blissfully keep my ignorance of what's going on with the installation.

    1. Re:Windows update freaking out! by NuclearDog · · Score: 4, Funny

      That always annoyed the hell out of me.

      "That action can not be performed. Please contact your system administrator."

      I always felt like an idiot talking to myself...

      --
      This statement is forty-five characters long.
  15. You must be an american by empaler · · Score: 5, Funny

    Only consumer whores and other types of idiots choose to toss out the computer instead of just wiping the hard drive and installing something else.

  16. Well done, submitter! by 6Yankee · · Score: 5, Funny

    How refreshing. A Slashdot article about a worm exploiting Windows, without the usual childish jibes. Or FUD. Or spelling mistakes. Well done, Dynamoo!

    Of course, then came the comments... :-)

  17. I was wondering... by lazy_arabica · · Score: 5, Funny

    ... if we replaced the posts of this thread with the messages posted after a previous worm-announcement, would anyone notice ? :)

    Linux_Zealot says : 5 Insightful - I am using Linux now !
    M$_wizard : 5 Interesting - Worms always appear after a security notice from Microsoft Knowledge Base ; so, openness is bad !
    security_Teacher : 5 Insightful - Of course, no one should run anything as root but critical administration tasks, and a firewall is essential.
    n00b : -1 Troll - Windows Sucks !!!

    Well... That's just a little... repetitive ;-)

  18. Could you try to find out? by empaler · · Score: 4, Funny

    After I changed email address, I couldn't figure out where I'd subscribed to that newsletter, either... I'd really like it back...

  19. Working at PC Club by donkeyoverlord · · Score: 3, Funny

    This is like a freaking death sentence considering everyone in town thinks that this is their own free computer tech support hot line.

  20. If you wonder what a virus is : by chrysalis · · Score: 2, Funny

    Here is an introduction to virus for non-windows users.

  21. bwhahaha ! by freaks · · Score: 2, Funny

    " Of course all good Windows-using Slashdotters visit Windows Update regularly and have a firewall, don't you? " roflol windows-update is the virus factory ;)

  22. Re:Removal Instructions [mirrors] by AvantLegion · · Score: 5, Funny
    Here's a few mirrors for those removal instructions, in case the rash of post-bug traffic slows things down:

    http://fedora.redhat.com
    http://www.gentoo.org
    http://www.debian.org
    http://www.linux-mandrake.com
    http://www.slackware.com

  23. Obligatory quote from Linux/*BSD/Mac users by imnoteddy · · Score: 4, Funny

    "Ha Ha!"
    Nelson, various Simpsons episodes

    --
    No electrons were harmed creating this post, though some may have been subjected to electrical and/or magnetic fields.
  24. Re:already feeling it on college campuses by rokzy · · Score: 2, Funny

    Your ideas intrigue me. I'd like to subscribe to your newsletter.

  25. killing IE by Beer_Smurf · · Score: 4, Funny

    You say "killing IE" like it's a bad thing.

  26. classic behaviour? by Nightreaver · · Score: 1, Funny

    Initial analysis seems to indicate classic Blaster-style worm behaviour.

    This made me think of a quote from "Broken Arrow", when Giles Prentice (Frank Whaley) is told there is a "broken arrow", he says,
    "I don't know what's scarier - losing nuclear weapons or that it happens so often that we have a name for it."

  27. Well yeah.... by C0rinthian · · Score: 2, Funny
    Windows. Only 20 remote holes in the default install since 13th April.

    Otherwise it would be called "Microsoft Walls"
  28. New Windows Worm on the Loose by Peale · · Score: 2, Funny

    New Windows Worm on the Loose

    What, it's been a week already?

  29. goodbye windows update by sir_cello · · Score: 4, Funny


    Using Symantec AV, I LiveUpdate'd signatures, only to find that it declared System32/w32sup.exe as a trojan and quarantined it.

  30. Heh by TheSpoom · · Score: 2, Funny

    I work doing tech support for desktop computers made by Compaq and HP, both of which are sold at Wal-Mart. A friend of mine said "welcome to Hell" when I came in today. Now I know why :^(

    --
    It's better to vote for what you want and not get it than to vote for what you don't want and get it.
    - E. Debs
  31. It does what? by james_in_denver · · Score: 1, Funny

    The new worm

    The worm typically shuts down the computer then automatically re-boots it, repeating the procedure several times. Hyppoenen said computers behind a firewall should be spared from the attack.

    And how is this different than a typical Windows install?

  32. Re:Linux is vunerable too (The anti-anti-windows F by Anonymous Coward · · Score: 1, Funny

    That's interesting.

    Apparently your sarcasm detector is set on "low".

    (ps. it was a joke) :P

  33. Sasser by rush22 · · Score: 2, Funny

    warning: attempt at humour follows.

    Windows' House
    A worm appears. Windows is surprised.

    Enter Worm

    Windows (moronically): duh hello? What are you doing in here?
    Worm (aloof): Hey windows, how's it goin? Just wonderin' if I could, ya know, come on in for a bit. I know you don't really know me and all, but I just kinda found you here..
    Windows: duh you look like an old friend.. what's his name, Bob.. Blast.. something or other. Ok since you're already here, it's not much, but there's a nice breeze that blows through.
    Worm: Can I leave some of my stuff here?
    Windows: Ok by me, there's a whole bunch of stuff here, people come by all the time picking stuff up, dropping it off. (helpfully) Let me take that for you.
    Worm: Nice! Ummm, while I'm here, I have some code, and I just need a bit... err.. executed. Is that ok?
    Windows (wary): Well... I don't know you that well.
    Worm: C'mon, please? I'm friends with that guy in, uh, the service department, obviously I couldn't get in if he didn't let me in.
    Windows (relieved): Oh him! Oh yeah, he's friends with a lot of people. Ok, I'll execute the code... there ya go all done.
    Worm: Excellent. Ok, gotta go.

    Enter Zone Alarm

    Zone Alarm (alarmed): What's all this then? Who's this guy? Where is he trying to go? Why wasn't I alerted?!
    Windows: Oh, he's just... a guy.. he came in for a bit.
    Zone Alarm: How did he get in??
    Windows (frustrated): Through the service entrance, I told you I got a lot of things going through there and don't want you bothering me about it all the time. The last time you blocked off the service entrance no one could get through.
    Zone Alarm: Well don't let him out...

    Exeunt Worm

    Zone Alarm: ...er where did he go?
    Windows (ashamed): Out the service entrance.
    Zone Alarm: That's it I quit.

    Exeunt Zone Alarm

    THE END