Author Topic: RPC worm (Read 2030 times)

Fett101 · « **Reply #30 on:** 15 August 2003, 08:30 »

I don't get it.

HAH!

raptor · « **Reply #31 on:** 15 August 2003, 21:24 »

gates is a fucking idiot, he probably wrote the fucking worm (virus) so microsoft.com would get more hits for the patch. also so microsoft gets more publicity.

suselinux · « **Reply #32 on:** 15 August 2003, 10:40 »

My greatest fear in this topsy tervy world of home land defence, is that Gates dosent say

"Well, this thing is aflicting windows, and windows is so crappy that no one could have produced the worm with XP, so it must have been created with Linux, unix or a mac. Unix is comercial so a hippy haxor probably would'nt use it, and only artsy faggots use a MAC (Bill gates' words, not my own), so it must have been Linux. nearly everyone in the country uses XP so for the safety of the nation we must outlaw Linux!"

If gates said this the right wing government you guys have would rub their palms and smile.

Faust · « **Reply #33 on:** 15 August 2003, 20:50 »

quote:

Samba was started by a guy so cool that when people wanted to give him money for it he just told them as a joke to send him a pizza.

Yah Dr Andrew Tridgell. And he goes to my local LUG. And next year I get to listen to him teach me all about bits of the Linux kernel. (He occasionaly guest lectures at my University.) Drool. Worship. Bow.

We loves you Andrew!

quote:

From what I've heard, the samba team hasn't had any want for pizza.

They always have pizza. $6 at every CLUG meeting and you get a large pizza. Who wouldnt want pizza?

Ooh I must start copy pasting this guys clug posts to a big file as like a historical artifact...

edit:

quote:

Turn on your firewall, also look up the tool removal for msblast.exe on symantec.com, and run that. Getting online without a firewall is stupid anyways.

Yeah if you have insecure servers running it is. Firewalls should be a redundancy, (ie you shouldnt rely on them) at best. No offense but assuming that just running a firewall alone makes you safe is kinda lame.

edit: And yeah thanks for the clarification M Obrien. Wouldnt want to associate samba with cmb.

[ August 15, 2003: Message edited by: Faust ]

SirRoss · « **Reply #34 on:** 15 August 2003, 21:32 »

Has anyone connected this with the huge powercut in america i was just thinking of that also i've got my whole old networkd running and on an auto timer to connect tonight at 11:00 lol but back to the powercut has anyone thought of that?

jasonlane · « **Reply #35 on:** 15 August 2003, 22:05 »

quote:
Originally posted by SirRoss:
Has anyone connected this with the huge powercut in america i was just thinking of that also i've got my whole old networkd running and on an auto timer to connect tonight at 11:00 lol but back to the powercut has anyone thought of that?

I have been praying, so very, very, very hard that it is connected. It would really be the begining of the end of M$ if that were true, billions if not trillions of dollars lost, lot's pissed people, Gov agencies etc.....

However it probably isn't

Power stations are not (I think, although they recieved certification last year?) allowed to use Windoze for mission critical systems. They shouldn't be at any rate.

raptor · « **Reply #36 on:** 15 August 2003, 22:29 »

oh ya like this http://news.com.com/2100-1002_3-5064433.html?tag=fd_top will help!

oh and saturday may be M$ doom day, with huge DoS attack planned.

[ August 15, 2003: Message edited by: raptor ]

mobrien_12 · « **Reply #37 on:** 15 August 2003, 23:39 »

quote:
Originally posted by Zardoz:

Power stations are not (I think, although they recieved certification last year?) allowed to use Windoze for mission critical systems. They shouldn't be at any rate.

People think the chain reaction started in Canada. Do they use windows for power stations in Canada?

It might be too much to expect the worm and blackout to be related... on the other hand it is one heckofa coincidence.

blackphiber · « **Reply #38 on:** 16 August 2003, 00:19 »

just found on slashdot that www.windowsupdate.com now has a Linux server up, just put it up the day before the attack. I can see it now billy saying that it went down because someone set up a linux server for it. Scarry thing is windows users might belive it. windowsupdate.com
although the netbock owner is not MS but still I find it entertaining. Linux just might keep it up for MS and then gates might praise his crappy software more. *throws middle finger up*

Faust · « **Reply #39 on:** 16 August 2003, 01:15 »

quote:

A flaw in Windows Update caused some organisations - including the US Army - to wrongly believe they were protected from MSBlast, according to a researcher

A flaw in Windows Update -- Microsoft's online tool that lets customers update their operating system with patches and fixes -- enabled the MSBlast worm to infect computers that apeared to have already been patched, according to a security expert.

The flaw led to a US Army server, among others, falling victim to MSBlast, according to Russ Cooper, chief scientist at security company TruSecure.

Windows Update works by adding an entry into the system registry every time it installs a patch. When users log on to the update tool, it scans their registry and offers them list of patches that have not yet been installed. Cooper said that this mechanism was found to be flawed.

"We found that people had got the registry key for the patch, but not the file," he said, explaining that the error could be triggered by a number of reasons -- from an incomplete installation to a lack of system resources.

"If you go to Microsoft's site and say, 'tell me if I am up to date', and it says 'you are up to date', but you are not, what are you supposed to do?" he said.

In order to fix the problem, Windows Update should be looking for the actual fix rather than just a registry entry, Cooper argued. This feature is already included in the tool, but is not "fully enabled", Cooper said.

He recommends that users should run the Microsoft Baseline Security Analyzer (MBSA) as an alternative to Windows Update for checking to see if patches have been correctly installed. MBSA is also designed to look for security problems in the Windows registry and can be downloaded free from Microsoft's Web site.

Microsoft did not respond to requests for comment on the Windows Update issue.

Patching has been a thorn in Microsoft's side, with companies complaining that it takes far too long to implement patches because of the compatibility testing that is necessary before deploying them to thousands of servers and desktops. Additionally, the sheer volume of patches being generated by Microsoft means that companies are finding it difficult to keep up.

Stuart Okin, chief security officer at Microsoft UK, admitted that Microsoft customers spend too much time fixing their systems: "Our customers don't necessarily have the programmes, processes and environments in place to deal with dynamic changes," he said. He admitted that companies have had problems deploying the patch to thousands of workstations or servers "within the space of four weeks" -- approximately the time between when the vulnerability was discovered and the worm was released.

Last year, Microsoft launched its Trustworthy Computing Initiative, which included retraining its programmers to ensure their code was written with security in mind and involved an overhaul of its entire patching system.

Okin said that within two years, Microsoft will have made significant changes to its Windows Update service. The company is planning on introducing a single update source -- probably called Microsoft Update -- which will be capable of updating all of the Microsoft products installed on a computer.

I've been having a few arguments recently with people who claim that "all you need is a firewall and regular patching and you're secure!" So nice to be proved right...

mushrooomprince · « **Reply #40 on:** 16 August 2003, 01:55 »

All the win2k machines in our school library got hit by that virus.

M51DPS · « **Reply #41 on:** 16 August 2003, 07:33 »

According to other stories, two new versions of the worm are circulating and e-mails related to the worm and containing trojans are also circulating.

suselinux · « **Reply #42 on:** 20 August 2003, 11:52 »

The Sobig e-mail virus that caused havoc two months ago has reappeared in a virulent new form, according to e-mail service provider MessageLabs.
web page

Sobig.E is more efficient than previous versions of the virus

Attachment names may include: your_document.pif, details.pif, your_details.pif, thank_you.pif, movie0045.pif, document_Fall.pif, application.pif, and document_9446.pif.

mobrien_12 · « **Reply #43 on:** 20 August 2003, 13:36 »

quote:
Originally posted by suselinux:

Sobig.E is more efficient than previous versions of the virus

Stupid worm FUBARed the network here today. I've gotten five emails either sending me the virus or claiming I sent the virus to someone else...

I don't have the virus cause im not a windoid retard who opens every attachment he gets. Unfortunately the new version picks email addresses off the hard drive at random and puts them in the FROM field.

jasonlane · « **Reply #44 on:** 20 August 2003, 14:31 »

M$ and all their products should be banned!

If they were making cars they'd have been out of business years ago.

Stop Microsoft

News:

Author Topic: RPC worm (Read 2030 times)

Fett101

RPC worm

raptor

RPC worm

suselinux

RPC worm

Faust

RPC worm

SirRoss

RPC worm

jasonlane

RPC worm

raptor

RPC worm

mobrien_12

RPC worm

blackphiber

RPC worm

Faust

RPC worm

mushrooomprince

RPC worm

M51DPS

RPC worm

suselinux

RPC worm

mobrien_12

RPC worm

jasonlane

RPC worm