Slashdot Mirror


Microsoft Bracing for Worm Attack

10010010 writes "A network worm attack targeting a critical Microsoft Windows vulnerability appears inevitable. The flaw is easy to exploit, as evidenced by the quick release of an exploit module for HD Moore's Metasploit Framework. Within hours of the Patch Day release Tuesday, two pen testing companies (Immunity and Core) created and released 'reliable exploits' for the flaw, which was deemed wormable on all Windows versions, including Windows XP SP2 and Windows Server 2003 SP1."

9 of 256 comments

  1. Re:Not really that serious by Anonymous Coward · · Score: 1, Interesting
    How easy is it to bring an infected laptop and plug it in behind the firewall?

    Where I work, this is not allowed. Plugging (or unplugging) any machine from our LANs without permission will quickly bring a tech, supported by a group of armed MPs, asking questions.

  2. Re:So, an Exploit For a Patch? by tomstdenis · · Score: 4, Interesting

    Sadly "properly firewalled" also means from your peers inside your network. When I was in College it was routine for viruses to spread almost instantly in the labs where we had our own system drives (e.g. not locked down). Similarly at any sufficiently large office there is bound to be at least one complete f'ing idiot who clicks on all email attachments and thinks "browsing the net commando style" is top shit.

    Tom

    --
    Someday, I'll have a real sig.
  3. Re:Looking for fame and fortune by Anonymous Coward · · Score: 1, Interesting

    Umm...of course they're trying to make a name for themselves. They start a company called Immunity. This company's purpose, ultimately, is to make money. Well, they specialize in security assessment. Now they have to market themselves....let's see, what company is going to flip through magazine ads looking for a security assessment company? Not many, eh? Okay, then, let's use our skills, publish an exploit, then say this is what our company does, so hire us today! As long as they're not cast out as some Black Hat group of hackers, I can see companies (more than what plain advertising would bring in) giving this company a second look for their own corporate security.

  4. Re:So, an Exploit For a Patch? by Foofoobar · · Score: 2, Interesting

    Damn straight Baby! I used to use Fedora but a co-worker turned me onto Kubuntu (a KDE version of Ubuntu). At first, getting used to a Debian based distro was tough but I quickly realized that I really didn't have to do my makes or check for dependencies and a ton of the other stuff that can just be a constant annoyance and reduces consumer uptake of Linux as a Desktop.

    I have it installed on my Mom's computer and she loves it! Instantly detected her new digital camera my brother got her, her scanner, her printer and I even installed all the extra codecs so she can play WMVs and other multimedia.

    Plus she practically squealed with joy when she realized that she wouldn't have to have any anti-virus software on her system and didn't really have to worry about spyware or anything else.

    I now run Ubuntu at home and at work. When all the Windows systems are getting patched, updated, crashing or just dying (my boss's computer needs a re-install this morning), I can just keep plugging away.

    --
    This is my sig. There are many like it but this one is mine.
  5. Data Execution Prevention? by Anonymous Coward · · Score: 1, Interesting

    The bulletin states that this is a buffer overflow vulnerability and that a firewall would protect against an exploit. It does not mention whether Data Execution Prevention (which is supposed to monitor for buffer overflows), included in XP SP2 and 2003 SP1, would prevent the exploit. Anybody know if it does?

  6. Re:Not really that serious by walt-sjc · · Score: 2, Interesting

    Hmm. Got modded funny, but I was serious. If the ports are blocked on your firewall, the worms just move on. If enough people would respond back with a flood of garbage, it would be a reverse DOS. Instead of responding with an Ubuntu ISO, you could scan the attacker for open ports and flood those with SYN packets. Enough is enough. If we just do nothing about zombie attacks and machines, they will just continue. It's time to fight back and make zombie networks useless.

  7. Re:Not really that serious by plover · · Score: 2, Interesting

    My son is heading off to university in a month, and he just bought a Netgear NATing firewall to keep the personal equipment in his dorm room isolated from the rest of the worm-ridden idiots at the school. So that leads me to a question for you: How does your company's device handle non-Windows equipment hooking up to the network? Alternately, how could it verify the anti-virus software was present behind a hardware firewall? How does it deal with a Linux or Mac box hooking up? Or is the device made primarily for homogenous Windows-only workplaces, with hand-entered exceptions?

    --
    John
  8. Win 98/ME not affected by mabu · · Score: 2, Interesting

    It's also worth noting that according to the reports, the now "un-supported" Win98/ME OS is not vulnerable to these exploits.

  9. Re:Not really that serious by g-san · · Score: 4, Interesting

    Nah.... tarpit. Put a listener on those ports. (You Windows users will have to reboot into Linux for this. Try it, you'll like it.) Open the connection, read from the channel, then just sit there until the remote end times out. If the worm is stupid enough it will connect back to your PC a few times. That slows them down, and doesn't cause any harm to the net. Or send back three bytes of data every 20 seconds or so... the remote end will buffer it expecting more to come and stretch the timeout even further.
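
The tarpit described in the last comment, as an added example that is not part of the original thread: a listener that accepts, discards whatever arrives, and sends three bytes after each quiet interval. The names `hold`, `start_tarpit`, `demo` and `max_conns` are hypothetical; the cap on held connections goes beyond the comment and is there so the tarpit cannot exhaust its own host, and the demo uses a constructed loopback client with a 0.05 s interval in place of 20 s.

```python
import asyncio
import time

TRICKLE = b"\x00\x00\x00"  # three filler bytes per tick, as the comment suggests

async def hold(reader, writer, interval, log):
    """Hold one inbound connection; log (peer, seconds held, bytes sent) at the end."""
    start, sent = time.monotonic(), 0
    try:
        while True:
            try:
                if not await asyncio.wait_for(reader.read(4096), timeout=interval):
                    break                 # EOF: the remote end gave up
            except asyncio.TimeoutError:  # peer quiet for a full interval
                writer.write(TRICKLE)
                await writer.drain()
                sent += len(TRICKLE)
    except OSError:                       # reset or broken pipe from the peer
        pass
    finally:
        log.append((writer.get_extra_info("peername"), time.monotonic() - start, sent))
        writer.close()

async def start_tarpit(host, port, interval, log, max_conns=256):
    """Listen on host:port; cap held sockets so the tarpit cannot exhaust this host."""
    held = []
    async def on_connect(reader, writer):
        if len(held) >= max_conns:
            writer.close()                # over the cap: drop instead of holding
            return
        held.append(writer)
        try:
            await hold(reader, writer, interval, log)
        finally:
            held.remove(writer)
    return await asyncio.start_server(on_connect, host, port)

async def demo():  # constructed loopback run, 0.05 s interval instead of 20 s
    log = []
    server = await start_tarpit("127.0.0.1", 0, 0.05, log)
    addr = server.sockets[0].getsockname()[:2]
    reader, writer = await asyncio.open_connection(*addr)
    writer.write(b"probe")                # stand-in for a scanner's first bytes
    got = await reader.readexactly(6)     # two trickles
    writer.close()
    await asyncio.sleep(0.2)              # let the server side see the close
    server.close()
    return got, log

if __name__ == "__main__":
    print(asyncio.run(demo()))
```

The log entries give a defender the source address and how long each connection was held, which is the measure of how much the remote end was slowed.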