Slashdot Mirror


New Windows Worm on the Loose

Dynamoo writes "The Internet Storm Center has issued a Yellow Alert due to the spread of the Sasser worm exploiting Windows 2000 and XP machines through a documented flaw in the Local Security Authority Subsystem Service (LSASS) as described in Microsoft Bulletin MS04-011. Initial analysis seems to indicate classic Blaster-style worm behaviour. Right now I'm just getting a probe every 10 minutes or so on my firewall, but this is bound to escalate sharply as the pool of infected machines grows. Of course all good Windows-using Slashdotters visit Windows Update regularly and have a firewall, don't you? More information at Computer Associates, F-Secure, Symantec and McAfee."

21 of 622 comments (clear)

  1. ah... by Anonymous Coward · · Score: 5, Funny

    the luxury of being behind a nat box with all ports off and not having to deal with such nonsense

    1. Re:ah... by Interruach · · Score: 5, Funny

      ahh, the luxury of the first box after the NAT being a linux proxy server that serves my entire internal network.

      -- I see your nat box and raise you a proxy server.

    2. Re:ah... by Lord+Kano · · Score: 5, Funny

      Pussies! I'm whistling into a telephone receiver.

      LK

      --
      "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
  2. I Use X Windows by craXORjack · · Score: 5, Funny
    Of course all good Windows-using Slashdotters visit Windows Update regularly and have a firewall, don't you?

    What is this 'Windows Update' of which you speak?

    --
    Liberals call everyone Nazis yet they are the closest thing to it.
    1. Re:I Use X Windows by temojen · · Score: 5, Funny

      I believe it's a cludgey microsoft variant of

      "emerge sync; emerge -uD --fetchonly world; emerge -uD world; etc-update"

      except that it requires you to reboot several times and repeatedly interact with it.

    2. Re:I Use X Windows by Anonymous Coward · · Score: 5, Funny
      You must be running a Microsoft Windows operating system in order to use Windows Update.

      Those monopolistic bastards.

    3. Re:I Use X Windows by brunson · · Score: 5, Funny

      It's kinda like:

      yum --ask-lots-of-useless-questions=yes \
      --reboot-for-no-apparent-reason=alot \
      --resolve-dependencies-without-my-help=no \
      update

      --
      09F911029D74E35BD84156C5635688C0
      Jesus loves you, I think you suck
  3. Huh? by grub · · Score: 5, Funny

    A new worm?
    May 01 07:59:49.306654 rule 0/0(match): block in on dc0: xx.xx.xx.xx:xxxx > yy.yy.yy.yy:yyyy: S 2881286568:2881286568(0) win 32640 (DF)
    Oh, there it is.
    --
    Trolling is a art,
  4. ah Nice, more work =) by Quazion · · Score: 5, Funny

    Atleast for me as the local consumer support guy.

    Thanks Microsoft.

  5. HAHA by D-Cypell · · Score: 5, Funny

    A smile crept across my face after reading this story and then noticing a microsoft ad underneath informing the reader that Windows Server cost of ownership is lower than Linux cost of ownership!

    The add server must be based on Microsoft's new Irony.NET framework!

    1. Re:HAHA by Anonymous Coward · · Score: 5, Funny

      but the fact is windows server cost of ownership IS lower because you don't need a smart person to run it.

      And that, your honour, concludes my evidence showing why the Internet is such an insecure mess.

  6. Visit Windows Update? by Anonymous Coward · · Score: 5, Funny

    No need, I receive all the Windows critical updates by email. I don't know how I got subscribed to that mailing list, but it's damn convenient.

  7. YA Windows-only software title by Anonymous Coward · · Score: 5, Funny

    In light of this, would someone please explain why I would ever want a Mac? None of the really good viruses or worms are ever ported to it, no matter how successful they are!

  8. Loose not lose by Brian+Dennehy · · Score: 5, Funny

    I'm impressed that they got the headline right!

  9. Help the poor bastards by nazsco · · Score: 5, Funny

    The worm seems to install a ftp server on infected machines. So, wouldn't it be nice to have every box that detects a connection on port 554, reply with an upload of a new wallpaper to the infected windows box with some message like "install a firewall, moron"

    I consider it a public service. Maybe you can even deduct the bandwith for the upload from you tax.

  10. Days like this... by C0rinthian · · Score: 5, Funny

    I REALLY hate working dial-up tech support.
    (ring)
    sigh....

  11. Windows update freaking out! by nazsco · · Score: 5, Funny

    after reading this on the /. front page, i runned the windows update, that i don't visit for more than a year...

    and after some time, a windows pops up with the text:
    "The software you are instaling has not passed the Windows Logo testing to verify its compatibility with Windows XP. bla bla bla"
    "This software will *not be instaled*. Contact your system administrator."

    Ok, so i contact myself, and wonders what the hell?!?

    I just give M$ a lot of information about the operating system that i'm running... they wrote the frign thing, and even so, they don't know what will run in it, or what will pass their own crap compatibility verification!

    but well, that's it... i just click "OK" --the only button-- and see the same windows appears 3 times more... and blissfuly keep my ignorance of what's going on with the instalation.

  12. You must be an american by empaler · · Score: 5, Funny

    Only consumer whores and other types of idiots choose to toss out the computer instead of just wiping the hard drive and installing something else.

  13. Well done, submitter! by 6Yankee · · Score: 5, Funny

    How refreshing. A Slashdot article about a worm exploiting Windows, without the usual childish jibes. Or FUD. Or spelling mistakes. Well done, Dynamoo!

    Of course, then came the comments... :-)

  14. I was wondering... by lazy_arabica · · Score: 5, Funny

    ... if we replaced the posts of this thread with the messages posted after a previous worm-announcement, would anyone notice ? :)

    Linux_Zealot says : 5 Insightful - I am using Linux now !
    M$_wizard : 5 Interesting - Worms always appear after a security notice from Microsoft Knowledge Base ; so, openness is bad !
    security_Teacher : 5 Insightful - Of course, no one should run anything as root but cricital administration tasks, and a firewall is essential.
    n00b : -1 Troll - Windows Sucks !!!

    Well... That's just a little... repetitive ;-)

  15. Re:Removal Instructions [mirrors] by AvantLegion · · Score: 5, Funny
    Here's a few mirrors for those removal instructions, in case the rash of post-bug traffic slows things down:

    http://fedora.redhat.com
    http://www.gentoo.org
    http://www.debian.org
    http://www.linux-mandrake.com
    http://www.slackware.com