Slashdot Mirror


New Windows Worm on the Loose

Dynamoo writes "The Internet Storm Center has issued a Yellow Alert due to the spread of the Sasser worm exploiting Windows 2000 and XP machines through a documented flaw in the Local Security Authority Subsystem Service (LSASS) as described in Microsoft Bulletin MS04-011. Initial analysis seems to indicate classic Blaster-style worm behaviour. Right now I'm just getting a probe every 10 minutes or so on my firewall, but this is bound to escalate sharply as the pool of infected machines grows. Of course all good Windows-using Slashdotters visit Windows Update regularly and have a firewall, don't you? More information at Computer Associates, F-Secure, Symantec and McAfee."

38 of 622 comments (clear)

  1. ah... by Anonymous Coward · · Score: 5, Funny

    the luxury of being behind a nat box with all ports off and not having to deal with such nonsense

    1. Re:ah... by Interruach · · Score: 5, Funny

      ahh, the luxury of the first box after the NAT being a linux proxy server that serves my entire internal network.

      -- I see your nat box and raise you a proxy server.

    2. Re:ah... by Lord+Kano · · Score: 5, Funny

      Pussies! I'm whistling into a telephone receiver.

      LK

      --
      "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
    3. Re:ah... by kasperd · · Score: 3, Funny

      I see your nat box and raise you a proxy server.

      Ha. I have a linux laptop behind a linux iptables NAT box behind another linux iptables NAT box. The NAT boxes are running two different distributions. Beat that if you can.

      --

      Do you care about the security of your wireless mouse?
    4. Re:ah... by jazman_777 · · Score: 3, Funny
      -- I see your nat box and raise you a proxy server.

      You are lucky. I have to use a box of gravel for a firewall.

      --
      Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
    5. Re:ah... by Sj0 · · Score: 3, Funny

      You sure are!!

      You could be doing SO much more with that much machine -- I mean....It's a PENTIUM 90!! Don't you realize how much power you have right there? It's insanity!

      --
      It's been a long time.
    6. Re:ah... by isorox · · Score: 3, Funny

      Pah! I'm running IP over Avian Carrier!

      My firewall is literally a burning wall, DDOS me and I get a large dinner

    7. Re:ah... by Master+of+Transhuman · · Score: 4, Funny


      I have DOS - which doesn't listen to anything unless you tell it to.

      Beat that.

      (Well, I'm fibbing, I actually run Windows 2000, Windows XP and Red Hat 7.3. But I remember when I used to tell clients at BOFA that modem security was not an issue with DOS since if you weren't running XTalk or something, DOS could care less if the modem was on. Of course, this meant porn took a lot longer to download...)

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
  2. I Use X Windows by craXORjack · · Score: 5, Funny
    Of course all good Windows-using Slashdotters visit Windows Update regularly and have a firewall, don't you?

    What is this 'Windows Update' of which you speak?

    --
    Liberals call everyone Nazis yet they are the closest thing to it.
    1. Re:I Use X Windows by temojen · · Score: 5, Funny

      I believe it's a cludgey microsoft variant of

      "emerge sync; emerge -uD --fetchonly world; emerge -uD world; etc-update"

      except that it requires you to reboot several times and repeatedly interact with it.

    2. Re:I Use X Windows by squall14716 · · Score: 3, Funny

      Hey! I'm not a zealot, I just have this much time on my hands.

    3. Re:I Use X Windows by gnu-generation-one · · Score: 4, Funny
      "What is this 'Windows Update' of which you speak?"

      Full text, in case of slashdotting:
      " Thank you for your interest in Windows Update

      Windows Update is the online extension of Windows that helps you get the most out of your computer.

      You must be running a Microsoft Windows operating system in order to use Windows Update."
    4. Re:I Use X Windows by Anonymous Coward · · Score: 5, Funny
      You must be running a Microsoft Windows operating system in order to use Windows Update.

      Those monopolistic bastards.

    5. Re:I Use X Windows by brunson · · Score: 5, Funny

      It's kinda like:

      yum --ask-lots-of-useless-questions=yes \
      --reboot-for-no-apparent-reason=alot \
      --resolve-dependencies-without-my-help=no \
      update

      --
      09F911029D74E35BD84156C5635688C0
      Jesus loves you, I think you suck
    6. Re:I Use X Windows by Anonymous Coward · · Score: 3, Funny

      I've been there and done that. Get with the times, BSD has had this for *ages*.

      Windows - Where do you want to go today?
      Linux - Where do you want to go tomorrow?
      BSD - Are you guys coming or what? ;)

    7. Re:I Use X Windows by Suidae · · Score: 4, Funny

      Ha, you all suck, I just tell my network admin to update everything so I can get on with the drinking beer and watching porn.

  3. Huh? by grub · · Score: 5, Funny

    A new worm?
    May 01 07:59:49.306654 rule 0/0(match): block in on dc0: xx.xx.xx.xx:xxxx > yy.yy.yy.yy:yyyy: S 2881286568:2881286568(0) win 32640 (DF)
    Oh, there it is.
    --
    Trolling is a art,
  4. ah Nice, more work =) by Quazion · · Score: 5, Funny

    Atleast for me as the local consumer support guy.

    Thanks Microsoft.

  5. HAHA by D-Cypell · · Score: 5, Funny

    A smile crept across my face after reading this story and then noticing a microsoft ad underneath informing the reader that Windows Server cost of ownership is lower than Linux cost of ownership!

    The add server must be based on Microsoft's new Irony.NET framework!

    1. Re:HAHA by Anonymous Coward · · Score: 5, Funny

      but the fact is windows server cost of ownership IS lower because you don't need a smart person to run it.

      And that, your honour, concludes my evidence showing why the Internet is such an insecure mess.

  6. Visit Windows Update? by Anonymous Coward · · Score: 5, Funny

    No need, I receive all the Windows critical updates by email. I don't know how I got subscribed to that mailing list, but it's damn convenient.

  7. Dang... by kennylives · · Score: 4, Funny

    I have a Mac, you insensitive clod...

    --

    Where the value of X-Mailer: is the true measure of a man...

    1. Re:Dang... by skinfitz · · Score: 4, Funny

      Well look on the bright side - worms and viruses are the only things that you have less of than games.

  8. YA Windows-only software title by Anonymous Coward · · Score: 5, Funny

    In light of this, would someone please explain why I would ever want a Mac? None of the really good viruses or worms are ever ported to it, no matter how successful they are!

  9. Loose not lose by Brian+Dennehy · · Score: 5, Funny

    I'm impressed that they got the headline right!

  10. Help the poor bastards by nazsco · · Score: 5, Funny

    The worm seems to install a ftp server on infected machines. So, wouldn't it be nice to have every box that detects a connection on port 554, reply with an upload of a new wallpaper to the infected windows box with some message like "install a firewall, moron"

    I consider it a public service. Maybe you can even deduct the bandwith for the upload from you tax.

  11. Days like this... by C0rinthian · · Score: 5, Funny

    I REALLY hate working dial-up tech support.
    (ring)
    sigh....

  12. Windows update freaking out! by nazsco · · Score: 5, Funny

    after reading this on the /. front page, i runned the windows update, that i don't visit for more than a year...

    and after some time, a windows pops up with the text:
    "The software you are instaling has not passed the Windows Logo testing to verify its compatibility with Windows XP. bla bla bla"
    "This software will *not be instaled*. Contact your system administrator."

    Ok, so i contact myself, and wonders what the hell?!?

    I just give M$ a lot of information about the operating system that i'm running... they wrote the frign thing, and even so, they don't know what will run in it, or what will pass their own crap compatibility verification!

    but well, that's it... i just click "OK" --the only button-- and see the same windows appears 3 times more... and blissfuly keep my ignorance of what's going on with the instalation.

    1. Re:Windows update freaking out! by NuclearDog · · Score: 4, Funny

      That always annoyed the hell out of me.

      "That action can not be performed. Please contact your system administrator."

      I always felt like and idiot talking to myself...

      --
      This statement is forty-five characters long.
  13. You must be an american by empaler · · Score: 5, Funny

    Only consumer whores and other types of idiots choose to toss out the computer instead of just wiping the hard drive and installing something else.

  14. Well done, submitter! by 6Yankee · · Score: 5, Funny

    How refreshing. A Slashdot article about a worm exploiting Windows, without the usual childish jibes. Or FUD. Or spelling mistakes. Well done, Dynamoo!

    Of course, then came the comments... :-)

  15. I was wondering... by lazy_arabica · · Score: 5, Funny

    ... if we replaced the posts of this thread with the messages posted after a previous worm-announcement, would anyone notice ? :)

    Linux_Zealot says : 5 Insightful - I am using Linux now !
    M$_wizard : 5 Interesting - Worms always appear after a security notice from Microsoft Knowledge Base ; so, openness is bad !
    security_Teacher : 5 Insightful - Of course, no one should run anything as root but cricital administration tasks, and a firewall is essential.
    n00b : -1 Troll - Windows Sucks !!!

    Well... That's just a little... repetitive ;-)

  16. Could you try to find out? by empaler · · Score: 4, Funny

    After I changed email address, I couldn't figure out where I'd subscribed to that newsletter, either... I'd really like it back...

  17. Working at PC Club by donkeyoverlord · · Score: 3, Funny

    This is like a freaking death sentence considering everyone in town thinks that this is there own free computer tech support hot line.

  18. Re:Removal Instructions [mirrors] by AvantLegion · · Score: 5, Funny
    Here's a few mirrors for those removal instructions, in case the rash of post-bug traffic slows things down:

    http://fedora.redhat.com
    http://www.gentoo.org
    http://www.debian.org
    http://www.linux-mandrake.com
    http://www.slackware.com

  19. Obligatory quote from Linux/*BSD/Mac users by imnoteddy · · Score: 4, Funny

    "Ha Ha!"
    Nelson, various Simpsons episodes

    --
    No electrons were harmed creating this post, though some may have been subjected to electrical and/or magnetic fields.
  20. killing IE by Beer_Smurf · · Score: 4, Funny

    You say "killing IE" like it's a bad thing.

  21. goodbye windows update by sir_cello · · Score: 4, Funny


    Using Symantec AV, I LiveUpdate'd signatures, only to find that it decared System32/w32sup.exe as a trojan and quarantined it.