Slashdot Mirror


Lessons Learned From Blaster

CowboyRobot writes "It's been nearly a year since Blaster struck, causing hundreds of millions of dollars in fixes and lost revenue. Jim Morrison of Symantec goes step-by-step in looking at how the Blaster worm got out of control so quickly, and what lessons can be learned from that event, by studying how one utility company dealt with it." The story is written as a fun, technothriller narrative; here's a snippet: "The laptops, usually out in the field, were always a hit-and-miss proposition to find on the network and deliver a patch or to have the user take the machine to a field office. That meant that on the 16th they could see a flood of traffic launched against Microsoft. The second phase of Blaster, launching a DoS (denial of service) attack against windowsupdate.com, was imminent."

4 of 312 comments

  1. I learned from Blaster six months before the fact. by gfecyk · Score: 5, Interesting

    Back when Messenger Service popups happened, I started using $80 hardware firewalls that doubled as Internet sharing boxes.

    When Blaster hit I was sitting pretty and so was every client that took my advice.

    *yawn*

    --
    Use Evolution instead of Outlook? Bewa
  2. Re:Lesson Learned... by Prod_Deity · Score: 5, Interesting

    First off... I personally agree with that statement.
    Second... I was working a dead end call center job for an ISP when Blaster was running rampant.
    Even though this was a Windows problem (and should have been sent to Microsoft), we troubleshot it since it did technically stop a customer from getting online.
    I think after that, nearly every Joe 6-pack finally realized that the thing in his "Start Menu" called "Windows Update" was something to use often.

  3. Trusted Computing is the answer. by King_of_Prussia · Score: 5, Interesting
    No, hold back your -1 troll mods, I don't mean that coathanger abortion of an idea that Microsoft has been diddling around with for a while, but a new kind of trust level for computer users. Say every time a virus has to be removed from a Windows box because a user clicked an attachment, a little value increments by one. Once it reaches 10 or so the computer starts throwing up helpful hints like "Don't click on things labelled 'Enlarge your Penii!', they can most likely not deliver on their claims!".

    If it gets really high, e.g. 50 or so (your average AOL user), automatically turn on the Windows Firewall, and include a flag on every outgoing packet indicating that the user cannot be trusted to operate their computer in a safe fashion. Webmasters can then block traffic from these PCs at their discretion - Problem solved.

    --

    Making the moon less necessary since 1998.

  4. Re:VPN's aren't perfect pipes by thogard · Score: 5, Interesting

    VPNs can be owned too, and so can "trusted" links to remote-controlled systems. We had a (XP?) box deep inside our network get compromised with a virus that stayed in memory. It got there over a remote control system from another PC that was sometimes hooked to the net. The box deep inside the network then started hunting for other boxes to own, and it found an NT 4 server that could make outbound connections to the net and set up a nice little email proxy. Lucky for me, my test network isn't as open as it appeared and my FreeBSD box clamped down on the outbound SMTP traffic. A few new rules later (to let the SMTP traffic appear to go out) and the NT box was trying to spam AOL as fast as it could.

    There are some tricky things out there that will take advantage of "internal trust", so my new rule is no PC talks to anything else but its samba, proxy or email server. Windows PCs can't talk to any other Windows PC.
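The closing rule in the comment above (workstations reach only their samba, proxy and mail servers, no PC-to-PC traffic, and outbound SMTP only from the mail server) written out as an auditable flow check. This is an added example, not code from the thread; the addresses and flow records are constructed, and the 10/8 range stands in for "inside the network".

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed addresses: the three approved servers and the Windows workstation pool.
SERVERS = {"10.0.0.10": "samba", "10.0.0.11": "proxy", "10.0.0.12": "mail"}
MAIL_SERVER = "10.0.0.12"
WORKSTATIONS = {"10.0.1.21", "10.0.1.22", "10.0.1.23"}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int

def parse_flow(line: str) -> Flow:
    """Parse a constructed flow record of the form 'src dst dport'."""
    src, dst, dport = line.split()
    return Flow(src, dst, int(dport))

def violation(f: Flow) -> Optional[str]:
    """Return the policy clause the flow breaks, or None if it is allowed."""
    dst_internal = f.dst.startswith("10.")
    if f.src in WORKSTATIONS:
        if f.dst in WORKSTATIONS:
            return "workstation to workstation"            # no PC-to-PC traffic
        if dst_internal and f.dst not in SERVERS:
            return "workstation to non-approved internal host"
        if not dst_internal:
            return "workstation egress not via proxy"
        return None
    # Servers may leave the network, but SMTP is reserved for the mail server.
    if f.dport == 25 and not dst_internal and f.src != MAIL_SERVER:
        return "outbound SMTP from a non-mail host"
    return None

def audit(lines: List[str]) -> List[Tuple[Flow, str]]:
    """Run every record through the policy and keep the ones that break it."""
    return [(f, why) for f in map(parse_flow, lines) if (why := violation(f))]

# Constructed sample traffic, including the two events the comment describes:
# a PC reaching another PC, and an internal server opening SMTP to the Internet.
SAMPLE = [
    "10.0.1.21 10.0.0.10 445",    # PC to samba: allowed
    "10.0.1.21 10.0.1.22 445",    # PC to PC: the lateral move
    "10.0.1.22 203.0.113.5 80",   # PC straight to the Internet, bypassing the proxy
    "10.0.0.20 203.0.113.5 25",   # the NT box acting as a mail relay
    "10.0.0.12 203.0.113.5 25",   # mail server delivering mail: allowed
]
```

Running `audit(SAMPLE)` flags the PC-to-PC flow, the proxy bypass and the NT box's SMTP, which is exactly the traffic the comment's FreeBSD box had to catch.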