Nimda To Strike Again

Seabass55 writes: "Researchers say Nimda is set to propagate again after rechecking Nimda's code. God help all the MS boxes ... again." Looks like the owners of unpatched IIS machines have until 9 p.m. GMT (1 a.m. ET) to get ready. I'd like to see a nice double stockade for the writers of Sircam and Nimda, and maybe some fireants. Update: 09/27 22:45 GMT by T : Temporal confusion -- that's 5:00 GMT, sorry :) Update: 09/28 00:14 GMT by T : Carnage4Life contributes this link to a command-line tool from Microsoft to list patches already installed or still needed, if you think your Windows machine may be vulnerable.

Patch your damn servers!

[jiheison]

I'd like to see a nice double stockade for the writers of Sircam and Nimda, and maybe some fireants.

Maybe just corn syrup and regular ants for the admins who still haven't patched their servers.

What?

[jpinnix]

No double stockade and fireants for the IIS creators?

sircam may me feel warm today though...

[edrugtrader]

a video game i wrote 10 years ago in Qbasic was just emailed to me today via sircam...

that means that someone actually had it on their computer, and that made me feel all fuzzy.

god bless sircam, and its glorious resurrection and distribution of great software titles.

Re:Math? (Mea Culpa)

[timothy]

You're right -- I just updated it to reflect the right time :)

Sorry about that.

timothy

There is blame for Microsoft as well

[chongo]

I'd like to see a nice double stockade for the writers of Sircam and Nimda ...

I'd like to see something similar for the IIS developers along other selected members of Microsoft.

... or maybe a class action lawsuit against Microsoft for using their monolopy to propogate such insecure code?

Re:sircam may me feel warm today though...

[BIGJIMSLATE]

I had a similar case, but it involved some porn. Now naturally I'd be happy about that under normal circumstances, but not if it's my freaking SISTER!

EWW.....

Re:What?

[chromatic]

Presumably they already have to attend Microsoft pep rallies, where Steve Ballmer may dance again. Haven't they suffered enough?

Re:Thanks, guys

[carlos_benj]

Why do you need to label yourself anyways?

So we know what shelf to sit on?

Re:sircam may me feel warm today though...

[allism]

Ummm...your sister SENT you this porn or your sister WAS this porn?

Re:sircam may me feel warm today though...

[ocie]

Yeah, it's good to see that push technology is finally coming to the net :)

Re:sircam may me feel warm today though...

[geekoid]

isn't that the wierdest feeling?
I went to a someone house to find out why there PC was running slow, they had a program I wrote 8 years ago, and they were still using it! I did ask him why he never sent the author the shareware money(10.00). he said "I'm sure he made so much money he won't miss my 10 bucks".
then I told him it was me, and NO ONE sent me ANY money. boy did we laugh. Of course he still hasn't paid me my 10 bucks...rat bastard.

Re:If you follow good practice...

[Spy Hunter]

WARNING to IE6 users or people without Outlook installed: You are not invulnerable! A virus file on your system can still easily be excecuted. I recently got infected, and it was the dumbest thing ever. Some time ago I had to reinstall Windows (gdi.exe was corrupted!?!), so I backed my files up to my friend's computer over the network. To get them back I made an open share on my computer (should have had a password) and sent them over. When I was done I noticed that some *.eml files had been inserted into my open share. "Hey, that's the virus I read about on Slashdot," I thought. So I went to delete it. I simply selected the file to delete it (I didn't run it) but Explorer, in its infinite stupidity, ran the file in the preview pane! Simply by the act of selecting the file I had run it inadvertently! This on a system running IE6 without Outlook installed!

Fortunately I was able to boot into Linux and delete all those .eml files, then download a virus remover from McAfee or someplace. But let this be a warning: Before deleting a .eml file, TURN FILE PREVIEWS OFF!

killer app

[Anonymous Coward]

nimda and its ilk are the killer apps that will
spark the next information revolution.

I'm looking forward to Microsoft's first foray into creating actual worms, instead of just
providing the infrastructure.

One day we will all look forward to the next MS worm with all the enthusiasm that we now share for the next Windows.

Re:Terrorists?

[Anonymous Coward]

Hackers find security holes. Crackers take advantage of them.

Hackers don't replace their divots and generally carry a large handicap. Crackers are a tasty base for cheese or a light spread.

Re:I am so sick of this

[Black Parrot]

> I am ready to frigging quit and become an English Teacher fuck the money!

Read up on "run-on sentences" before you quit your day job.

Profit from it!

[manon]

Let's make some profit out of Nimda :)

Like T-shirts...
"I've been attacked by Nimda and all I got whas this T-shirt"
"Chicks dig Nimda"
"(front:)IIS (back:) you are dumb"

Or posters...
"Internet map of Nimda infected domains"
New 'Inc DeMotivators' poster :"Suicidal" with a kind of Nimda showing.

We should inform Thinkgeek [thinkgeek.com] of this nifty plan :)))

Here's how I'm getting them patched

[DrSkwid]

I've gone through my logs and found quite a few

What I do is go connect to the offending box via smb

Usually they have a printer attached to it so I print out a page of A4 with :
"YOU ARE INFECTED WITH NIMDA, SORT IT OUT
here's how : http://www.antivirus.com"

on it in 72 point text

it's working so far

if they don't have a printer then they usually have an open share that's world writable so I leave text files called

you are infected with nimda.txt

and put the url inside them

that's closed a couple too

(I also found a keygen I'd been looking for so that was a bonus)

I'm not sure if nimda resets the passwords but which might not lead to a surprise of how far you can go with

un : adminsitrator
pw :

have fun

Re:Patch your damn servers!

[Rogerborg]

• I'd like to see a nice double stockade for the writers of Sircam and Nimda, and maybe some fireants

I'd recommend 25 years of indenduted servitude at Microsoft. Possible outcomes:

• Microsoft learn how to think and code defensively.
• Microsoft learn that bigger isn't necessarily better.
• The s'kiddies have the will to code sucked out of them.

Either way, we win.

Re:Not Me

[CaraCalla]

Why don't you send the bill to Microsoft? After all it's their software which sucks.

Re:Not Me

[psin psycle]

If he threw a bottle of gasoline through the window and did $25k of damage, he would be prosecuted for a felony.

We've know about these exploits for many many years. There are even patches for them, fire retardant materials and bullet proof glass. For some strange reason though, it is still the bottle thrower who is at fault and punished, and not the poor facilities guy who didn't upgrade the bits that make up the windows to something that cannot be attacked.

Why the double standard? In the 'real world' good-enough security is, well, good enough. In the computer world, good-enough security gets laughed at and scorned.