New Windows Worm on the Loose
Dynamoo writes "The Internet Storm Center has issued a Yellow Alert due to the spread of the Sasser worm exploiting Windows 2000 and XP machines through a documented flaw in the Local Security Authority Subsystem Service (LSASS) as described in Microsoft Bulletin MS04-011. Initial analysis seems to indicate classic Blaster-style worm behaviour. Right now I'm just getting a probe every 10 minutes or so on my firewall, but this is bound to escalate sharply as the pool of infected machines grows. Of course all good Windows-using Slashdotters visit Windows Update regularly and have a firewall, don't you? More information at Computer Associates, F-Secure, Symantec and McAfee."
You know, normally these updates are available a good 3 or 4 months before the worm becomes available. This one was updated about 3 days ago. And MS claims to be beefing up their security efforts. ...
Yeah... till your buddy comes over to play Counterstrike and plugs into your hub infecting your machine.
Seriously, hasn't MS learnt anything about the Internet yet? Why do they keep insisting on keeping all of these ports open all the time? Why so many services running out of the box? Why can't people even close some of the listening ports?
If MS was any serious about security, they would have all ports closed by default. Or at least have a possibility of closing them down during install.
A smile crept across my face after reading this story and then noticing a Microsoft ad underneath informing the reader that Windows Server cost of ownership is lower than Linux cost of ownership!
i realize you were mostly joking, but the fact is windows server cost of ownership IS lower because you don't need a smart person to run it. and since current viruses are not true malware, the fact that the machine is infected doesn't even matter to the cheap contractor admin "running" the box. as someone mentioned in another story's comment, it's time to make some REAL malware and wake these ijits up.
in this age of communication i'm just not getting through
oh yes:
"emerge sync; emerge -uD --fetchonly world; emerge -uD world; etc-update"
isn't kludgy in the least and very intuitive. I prefer "apt-get dist-upgrade" myself.
Jim Harry
Actually, current viruses are real malware, especially the ones that try to shut down virus scanners.
They cause the computer to run really slow, and screw things up, including networking settings, killing IE, destroying the cryptography service, so that you can't get updates, and the ability to repair the TCP/IP layer.
When you get multiple viruses on a machine, they can cause it to not even start up, especially the ones that try to shut down virus scanners (Gaobot).
I know they're not malware in the sense that they format your HD or anything, but when your server runs at 10% of its normal speed, that's enough to take down almost any operation.
-=Lothsahn=-
> If I was in charge of a university's computer systems,
> absolutely no proprietary, closed source software would be
> allowed anywhere on my network, especially not the parts
> accessible to students
So, preventing your students from being unable to run Mathematica, Maple, Matlab, Visual Studio,... is educationally beneficial in what way?
Yes, closed source software has problems. So does open source. An all-out ban either way helps no one and solves nothing.
Je fume. Tu fumes. Nous fûmes!
I just got hit with one of these lsass viruses a few weeks ago.
Completely patched.
My stupidity was DMZing my firewall. Stupid, STUPID.
Friends don't let friends open their firewalls. Not even to play video games, no matter how many processes they have deactivated.
I think the tragedy here is that most "regular power users" (i.e. the folks who think that they're big shit because they can install antivirus software and change their Windows desktop) probably don't realize that it's entirely possible to have a completely patched Windows machine that can still get infected by a virus if you plug it right into the internet. I honestly think these things are reaching a critical mass. It'll be interesting to see exactly how that manifests.
It's been a long time.
> Of course all good Windows-using Slashdotters visit Windows Update regularly and have a firewall, don't you?
Should read "Of course, all good Slashdotters patch their systems and have a firewall, don't you?".
Running something other than Windows is not a good reason to ignore security.
And thank you for your lazy attitude - you're the reason spammers can control broadband connected zombie boxes to fill my inbox with massive amounts of shit.