Slashdot Mirror


New Windows Worm on the Loose

Dynamoo writes "The Internet Storm Center has issued a Yellow Alert due to the spread of the Sasser worm exploiting Windows 2000 and XP machines through a documented flaw in the Local Security Authority Subsystem Service (LSASS) as described in Microsoft Bulletin MS04-011. Initial analysis seems to indicate classic Blaster-style worm behaviour. Right now I'm just getting a probe every 10 minutes or so on my firewall, but this is bound to escalate sharply as the pool of infected machines grows. Of course all good Windows-using Slashdotters visit Windows Update regularly and have a firewall, don't you? More information at Computer Associates, F-Secure, Symantec and McAfee."
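The submission mentions watching probe frequency on a firewall and expecting it to "escalate sharply" as more hosts get infected. The following is an added example, not part of Dynamoo's submission or of any of the linked advisories: a small Python script that parses constructed iptables-style syslog drop lines, buckets inbound connection attempts against one service port into 10-minute windows, and flags windows where the probe count rises above a baseline. It assumes the iptables log format shown, a timestamp year of 2004, and TCP port 445 (the SMB port the Sasser worm scanned, a detail not stated on the page); every log line and address below is constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed iptables-style syslog drop lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
May  1 10:00:03 gw kernel: DROP IN=eth0 SRC=198.51.100.14 DST=203.0.113.5 PROTO=TCP SPT=1357 DPT=445 SYN
May  1 10:09:48 gw kernel: DROP IN=eth0 SRC=198.51.100.77 DST=203.0.113.5 PROTO=TCP SPT=2231 DPT=445 SYN
May  1 10:20:11 gw kernel: DROP IN=eth0 SRC=198.51.100.14 DST=203.0.113.5 PROTO=TCP SPT=1402 DPT=445 SYN
May  1 11:00:02 gw kernel: DROP IN=eth0 SRC=198.51.100.9 DST=203.0.113.5 PROTO=TCP SPT=3301 DPT=445 SYN
May  1 11:01:15 gw kernel: DROP IN=eth0 SRC=198.51.100.21 DST=203.0.113.5 PROTO=TCP SPT=3311 DPT=445 SYN
May  1 11:02:40 gw kernel: DROP IN=eth0 SRC=198.51.100.33 DST=203.0.113.5 PROTO=TCP SPT=3350 DPT=445 SYN
May  1 11:03:09 gw kernel: DROP IN=eth0 SRC=198.51.100.45 DST=203.0.113.5 PROTO=TCP SPT=3377 DPT=445 SYN
May  1 11:04:51 gw kernel: DROP IN=eth0 SRC=198.51.100.58 DST=203.0.113.5 PROTO=TCP SPT=3390 DPT=445 SYN
May  1 11:05:33 gw kernel: DROP IN=eth0 SRC=198.51.100.9 DST=203.0.113.5 PROTO=TCP SPT=3402 DPT=445 SYN
May  1 11:06:10 gw kernel: DROP IN=eth0 SRC=198.51.100.62 DST=203.0.113.5 PROTO=TCP SPT=80 DPT=443 SYN
"""

# Assumed log layout: syslog timestamp, host, then the iptables LOG-target fields.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: DROP IN=\S+ "
    r"SRC=(?P<src>[\d.]+) DST=\S+ PROTO=(?P<proto>\w+) SPT=\d+ DPT=(?P<dpt>\d+)"
)

SMB_PORT = 445  # assumption: the port being probed (not stated on the page)


def parse_probes(log_text, port=SMB_PORT, year=2004):
    """Return (timestamp, source_ip) for every dropped inbound packet aimed at `port`.

    Syslog lines carry no year, so one is supplied (assumed 2004 here).
    """
    probes = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or int(m.group("dpt")) != port:
            continue
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        probes.append((ts, m.group("src")))
    return probes


def probes_per_window(probes, window_minutes=10):
    """Bucket probes into fixed windows; returns {window_start: count}, oldest first."""
    buckets = Counter()
    for ts, _src in probes:
        minute = (ts.minute // window_minutes) * window_minutes
        buckets[ts.replace(minute=minute, second=0, microsecond=0)] += 1
    return dict(sorted(buckets.items()))


def escalation_windows(buckets, baseline_per_window=1, factor=3):
    """Window starts whose probe count exceeds `factor` times the expected baseline."""
    return [start for start, n in buckets.items() if n > baseline_per_window * factor]


def distinct_sources(probes):
    """Number of distinct probing hosts; growth here tracks the infected-machine pool."""
    return len({src for _ts, src in probes})


def summarize(log_text, port=SMB_PORT, window_minutes=10, baseline=1, factor=3):
    """One-shot report: total probes, distinct sources, peak window, escalating windows."""
    probes = parse_probes(log_text, port)
    buckets = probes_per_window(probes, window_minutes)
    return {
        "total_probes": len(probes),
        "distinct_sources": distinct_sources(probes),
        "peak_probes_per_window": max(buckets.values(), default=0),
        "escalating_windows": [w.strftime("%Y-%m-%d %H:%M") for w in escalation_windows(buckets, baseline, factor)],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The baseline here is the quiet-period rate the submitter describes (roughly one probe per 10 minutes); in practice it would be measured from the firewall's own history rather than hard-coded, and the alert is only a prompt to verify patch state and inbound filtering, not proof of compromise.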

16 of 622 comments

  1. Security Update Dates by TheUnFounded · · Score: 5, Insightful

    You know, normally these updates are available a good 3 or 4 months before the worm becomes available. This one was updated about 3 days ago. And MS claims to be beefing up their security efforts. ...

    1. Re:Security Update Dates by Unknown Relic · · Score: 4, Insightful

      Is that reduced timeline maybe an example of what this /. article from a couple months ago was talking about? Essentially it stated that a lot of the new worms are actually being caused by the reverse engineering of patches to easily find exploits. Some machines will of course be patched, but as we all know, a huge number of machines will remain unpatched and vulnerable for months to come. If this is the case, Microsoft can hardly be faulted for getting the patch out only a few days before the exploit, since it's the patch itself that potentially prompted its creation. The really interesting thing is that if this is the case and Microsoft is actually increasing their security efforts and releasing more patches, we could actually see more worms released targeting unpatched systems. For them, this really isn't a good situation to be in - the more they do correct problems with their operating systems, the more exploits hit the unpatched machines, making it look like their enhanced focus on security is a joke.

  2. Re:ah... by Anonymous Coward · · Score: 5, Insightful

    > the luxury of being behind a nat box with all ports off and not having to deal with such nonsense

    Yeah... till your buddy comes over to play Counterstrike and plugs into your hub infecting your machine.

  3. Same old, same old.... by gnuman99 · · Score: 4, Insightful

    Same old news about another worm. Nothing to see here, move along.

    Seriously, hasn't MS learnt anything about the Internet yet? Why do they keep insisting on keeping all of these ports open all the time? Why so many services running out of the box? Why can't people even close some of the listening ports?

    If MS was at all serious about security, they would have all ports closed by default. Or at least have the possibility of closing them down during install.

  4. Re:HAHA by yulek · · Score: 4, Insightful

    > A smile crept across my face after reading this story and then noticing a microsoft ad underneath informing the reader that Windows Server cost of ownership is lower than Linux cost of ownership!

    i realize you were mostly joking, but the fact is windows server cost of ownership IS lower because you don't need a smart person to run it. and since current viruses are not true malware, the fact that the machine is infected doesn't even matter to the cheap contractor admin "running" the box. as someone mentioned in another story's comment, it's time to make some REAL malware and wake these ijits up.

    --
    in this age of communication i'm just not getting through

  5. I use the best anti virus on the market! by rspress · · Score: 3, Insightful

    I use the best anti virus on the market! It is called a Mac! Actually I have both a Mac and a WindowsXP Pro box with a router and firewall. Just to keep things clean my windows machine is NEVER used for checking mail. All mail is handled through the Mac. If I have a need to send mail via the PC or need to check it from the PC for some reason then Eudora Pro is used. The Outlook variants are the biggest viri available for the PC....with explorer coming in a close second.

  6. Re:I Use X Windows by SpectreGadget · · Score: 5, Insightful

    oh yes:

    "emerge sync; emerge -uD --fetchonly world; emerge -uD world; etc-update"

    isn't kludgy in the least and very intuitive. I prefer "apt-get dist-upgrade" myself.

    --
    Jim Harry

  7. Re:HAHA by Lothsahn · · Score: 5, Insightful

    Actually, current viruses are real malware, especially the ones that try to shut down virus scanners.

    They cause the computer to run really slow, and screw things up, including networking settings, killing IE, destroy the cryptography service, so that you can't get updates, and the ability to repair the TCP/IP layer.

    When you get multiple viruses on a machine, they can cause it to not even startup--Especially the ones that try to shut down virus scanners (Gaobot).

    I know they're not malware in the sense that they format your HD or anything, but when your server runs at 10% of its normal speed, that's enough to take down almost any operation.

    --
    -=Lothsahn=-

  8. Re:already feeling it on college campuses by Radon Knight · · Score: 4, Insightful

    > If I was in charge of a university's computer systems,
    > absolutely no proprietary, closed source software would be
    > allowed anywhere on my network, especially not the parts
    > accessible to students

    So, preventing your students from being unable to run Mathematica, Maple, Matlab, Visual Studio,... is educationally beneficial in what way?

    Yes, closed source software has problems. So does open source. An all-out ban either way helps no one and solves nothing.

  9. Re:Linux is vulnerable too (The anti-anti-windows F by ajs318 · · Score: 4, Insightful

    > 1. Linux isn't as good as Windows, Windows has more accountability and support.

    Microsoft could withdraw support for Windows at any time. Linux has independent support from a community of users.

    > 2. If Linux was used as much as Windows then Viruses would be as common, instead of incredibly rare.

    Linux is secure by design. Privilege separation, memory protection and so forth. Most distributions force you to create a non-root user at installation time.

    > 3. Windows is cheaper than Linux even though Linux is free. It's a TCO type of thing.

    What you mean is that it's cheaper to hire somebody to fix a Windows box than a Linux box. There is a grain of truth in this. Windows often packs up for no apparent reason. Almost any unskilled monkey can "fix" a broken Windows box just by hoicking out the power lead, counting to ten and putting it back. Linux only ever misbehaves with a good reason, and requires someone who knows their arsehole from their earhole to fix it.

    > 4. Gimp sucks compared to Photoshop.

    This sounds like an ad hominem attack. At best it's a red herring. Photoshop is an Adobe product, nothing to do with Windows or Linux.

    > 5. Open source is insecure by default. Only by hiding your secrets are they kept safe.

    Thou smokest crack. If the security of your code depends on a secret that you hope an attacker will not discover, then as soon as an attacker discovers that secret your code is insecure. The security of Linux does not depend on one big, centrally-kept secret. Cf. public key encryption.

    > 6. IE is better than Firefox because my kids can play shockwave games on Disney.com

    Then try the full version of Mozilla, which definitely supports the Flash player plugin {though I'm not convinced you aren't just lying, Firefox might well support plugins}. If you don't need Flash, but you would like tabbed browsing, pop-up blocking, a Javascript debugging console, cookie management and speed, then Firefox certainly does it.

    > 7. MS has Exchange, Linux doesn't.

    Linux has Sendmail. 'Nuff said.

    > 8. OO.org sucks compared to the usability of Office

    You haven't said how OO.o "sucks", nor even which release you are talking about, so I have to presume you are merely parroting.

    > 9. Linux isn't ready for the Desktop.

    You are merely parroting.

    > 10. Grandma can't install Linux.

    Awwwwk! Pieces of eight! Polly want a cracker! Grandma can't install Windows either.

    > 11. Can't play Everquest on Linux.

    Blame the makers of Everquest, or find another game to play. See also point 4.

    > 12. Users are the problem, Not Microsoft.

    Just goes to show ..... if you say enough things then at least one of them might turn out to be true. Many users need to get a clue, I'll agree. But I have to say that writing a mail client which treats unknown file types as "executable" -- and executes them without the user's consent -- sounds seriously like aiding and abetting virus propagation. Yeah, that was years ago. See also point 9.

    --
    Je fume. Tu fumes. Nous fûmes!

  10. Re:ah... by Sj0 · · Score: 4, Insightful

    I just got hit with one of these lsass viruses a few weeks ago.

    Completely patched.

    My stupidity was DMZing my firewall. Stupid, STUPID.

    Friends don't let friends open their firewalls. Not even to play video games, no matter how many processes they have deactivated.

    I think the tragedy here is that most "regular power users" (i.e. the folks who think that they're big shit because they can install antivirus software and change their windows desktop) probably don't realize that it's entirely possible to have a completely patched windows machine that can still get infected by a virus if you plug it right into the internet. I honestly think these things are reaching a critical mass. It'll be interesting to see exactly how that manifests.

    --
    It's been a long time.

  11. Re:I Use X Windows by bkhl · · Score: 3, Insightful

    No, you're not:

    "The X Consortium requests that the following names be used when referring to this software:

    X
    X Window System
    X Version 11
    X Window System, Version 11
    X11

    X Window System is a trademark of X Consortium, Inc. "

  12. Re:windows users never fail to amaze me. by Nevo · · Score: 3, Insightful

    Actually, this particular attack cannot be mitigated by running as admin.

    It attacks a genuine hole in the operating system and is not dependent on anyone even being logged on to the machine at all. It 'hijacks' the LSASS process, which runs in the SYSTEM context. The operating system could not run if LSASS wasn't running as SYSTEM.

    Of course, the patch has been available for >2 weeks now, so all of this *should* be moot.

  13. Patching / Firewalls by gorfie · · Score: 4, Insightful

    > Of course all good Windows-using Slashdotters visit Windows Update regularly and have a firewall, don't you?

    Should read "Of course, all good Slashdotters patch their systems and have a firewall, don't you?".

    Running something other than Windows is not a good reason to ignore security.

  14. Re:ah... by hawkbug · · Score: 4, Insightful

    And thank you for your lazy attitude - you're the reason spammers can control broadband connected zombie boxes to fill my inbox with massive amounts of shit.

  15. Re:ah... by Molina the Bofh · · Score: 3, Insightful

    The problem is not being open to the world.

    For starters, sendmail and wu-ftpd should have been banned from Earth a long time ago. They have more holes than swiss cheese. Telnetd should already have been deprecated by ssh, and should not be installed at all.

    --
    Roses are #FF0000, Violets are #0000FF, find / -name '*base*' |xargs chown -R us && mv zig greatjustice