Nimda To Strike Again
Seabass55 writes: "Researchers say Nimda is set to propagate again after rechecking Nimda's code. God help all the MS boxes ... again." Looks like the owners of unpatched IIS machines have until 9 p.m. GMT (1 a.m. ET) to get ready. I'd like to see a nice double stockade for the writers of Sircam and Nimda, and maybe some fireants. Update: 09/27 22:45 GMT by T : Temporal confusion -- that's 5:00 GMT, sorry :) Update: 09/28 00:14 GMT by T : Carnage4Life contributes this link to a command-line tool from Microsoft to list patches already installed or still needed, if you think your Windows machine may be vulnerable.
Again? (Score:2, Interesting)
Mind you, I've not seen a significant dropoff in my firewall hits (hits doubled after Nimda first hit), but perhaps I've not been checking properly.
Thanks, guys (Score:1, Interesting)
On another note, I think that these viruses totally justify Ashcroft's view as labeling "hackers" as terrorists...the virus writers are really wreaking havoc.
-z
Not Me (Score:4, Interesting)
Are you kidding?
Legislation shows that people have a hard time differentiating what's a serious offence and what isn't.
For one thing, taking this out on someone hard, would only lead to approval of laws like the proposed law to make a bunch of kids in HS "terrorists" for winnuking each other.
We KNOW that these aren't hard to create, kids with no formal training can crank them out like they're nothing. To a 14 year old kid who needs to show off to his friends (and almost all of them do), it's IRRESISTIBLE. I can't picture throwing someone behind bars for more than a couple years just because their virus is effective.
If anything, they need counseling to know WHY what they are doing is bad, that it affects other people and that it isn't just a game, but certainly making an example of these people sets a precedent for the treatment of all of us.
In other words, turn some silly kid with a script for making viruses into a real criminal, when people are getting in trouble for stupid stuff like scanning someone's ports, and soon you'll see anybody without corporate backing thrown in jail for having a debugger.
Why the sudden influx? (Score:3, Interesting)
Is their widespreading mostly helped by the recent influx of cable/dsl users? Instead of the usual MS bash, could we try to explain some of the factors that make these stories so common on
Of course, we can't escape that it was Microsoft that published exploitable code but I'm sure their software has always been as bad so what else is behind the current surge?
Re:what do you mean again? (Score:3, Interesting)
Math? (Score:5, Interesting)
9pm GMT -05:00 (EST) is 4pm EST.
However, the time mentioned in the article is 1am ET. Hazard a guess that it is really EDT they are citing, making 5am GMT zero hour. It will be 12:00am (Midnight) EST.
Nimda cost me Microsoft. (Score:5, Interesting)
Is this a Microsoft problem? You bet.
Microsoft OSs do not have a complete, common set of system administration tools built in. This results in haphazard machine administration.
Microsoft and other companies sell useful administration tools, but these are high priced tools that only do a piece of the job. And since they aren't included with the OS, very few sysadmins have expertise with them.
So Microsoft, get on the ball. If you want to sell an OS, it should be ready for the enterprise.... including enterprise administration.
In the meantime, we're porting our apps from IIS to Apache. Yay!
Dangerous Viruses?? (Score:5, Interesting)
We've seen a number of highly infectious viruses in the last year (Sircam, Code Red, Nimda, etc), but none of these were actually very destructive. Sure they are a pain to get rid of, and may spread a little information around, eat up bandwidth, or compel you to reformat just to be sure, but they aren't flattening people's systems.
Whatever happened to the anarchists out to destroy the system? Now admittedly I don't want to encourage people to be more destructive, but it seems almost trivial to think of ways that viruses and worms could easily be made more destructive. For instance, upon infection, delete everything in the "My Documents" folder. Or, change default web page to a share of the whole computer. Or even wait a couple days and then wipe the person's hard drive.
I haven't been vulnerable to anything to come along lately, and I'm glad, but I'm also glad to note that the truly skilled black hats out there seem to have moderated how much damage they actually intend to do. I wonder if they are scared what the law might do to them if their attack truly was evil.
Terrorists? (Score:4, Interesting)
1. They take hostages
2. They kill people
3. They make demands
4. They invoke terror in their victims
In no way do these "hackers" fit the description of a terrorist except for maybe #4. These are generally just people who find a hole in security and take advantage of it. They can be really annoying, and people who make these types of viruses should be tried for damages, but I don't think they fit the description of a terrorist.
But more important, I think Ashcroft isn't talking about virus-writing hackers, but any type of hacker. Essentially, if you mess with a system at all, then you're a terrorist according to Ashcroft.
Boy, my parents must be disappointed in me now, raising a terrorist..
F-bacher
Re:Not Me (Score:3, Interesting)
But this is really an argument in favor of different sentencing for juveniles than for adults (an idea that I support, and feel that recent laws are incredibly stupid to ignore) not against heavy potential penalties for writing viruses. IMO, writing a virus is the ethical equivalent of starting a fire, and deliberately releasing one is the moral equivalent of arson. Like a fire, a virus has the potential to spread completely out of the control of its originator and cause tremendous damage along the way. Little kids are not generally sent to prison when their playing with matches burns something down, but adults who do so are- and deserve to be- treated quite harshly. IMO any person who is legally competent to understand the consequences of releasing a virus and does so anyway deserves a nice long vacation at Club Fed.
Re:Not Me (Score:5, Interesting)
Despite the fact that I thought we were patched and secured, the Nimda worm hit our servers. Oops - missed one of those MS security bulletins. My bad.
The cost in real dollars (not "gartner dollars" or "TCO dollars") to clean it up was around $25,000. For one small manufacturing company.
If a naughty kid threw a rock through our window and did $100 of damage, the police would yell at him and call his parents to pick him up. If he threw a bottle of gasoline through the window and did $25k of damage, he would be prosecuted for a felony.
So exactly how is this Nimda bomb not a "serious offense"?
sPh
Re:Dangerous Viruses?? (Score:2, Interesting)
The new worm/virus phenomenon is more of an annoyance. I keep my servers patched and protected, but I get 20+ emails a day from my users (all properly paranoid) about the new virus they heard about while driving in to work. That is the worst part.
How long until someone drops the bomb? (Score:3, Interesting)
FORMAT C:
as the ultimate payload of a nimda-like worm, and all hell, and I truly mean all hell is going to break loose.
I think that it's absolutely shocking that no one knew until right now that the damn thing is going to start up again tomorrow. What else don't we know about the program? I certainly hope that the experts who are now giving us some six hours notice (at night!) that the damn thing is about to restart haven't missed any other little details of the worm's operation.
The entire IIS/Outlook security situation is absolutely shameful. Microsoft has been fucking around for years piling on layer after layer of buggy, insecure active this and executable that into the Windows mail system, and pretending that it doesn't matter, and the result, today, right now, today, is an internet that's about as secure as an airport with no guards, and half the locks in the terminals and on the planes flat out nonfunctional.
Someone is responsible for this mess, and it ain't the folks who wrote the RFCs!
How to install patches without a network? (Score:2, Interesting)
Anyway, as soon as we were done (installing while his home network was live), we tried getting to windowsupdate.microsoft.com to install patches. However, we soon discovered that we were already infected! Two freaking minutes after installation!!
If you don't install behind a firewall, how the hell are you supposed to get updates to all of Win2kPro's problems without getting infected?
The myth of regular patches (Score:3, Interesting)
But does IIS really need patches as frequently as you imply? Code Red, Code Blue, Nimda et al exploit the same security hole that is almost a year old. The problem is that for every security hole, there are several waves of worms because IIS admins simply never patch their boxes.
If you disbelieve me check out Netcraft's security survey [netcraft.com] which shows how long several IIS boxes have gone unpatched and that about 12% of SSL sites (meaning they are probably eCommerce related) running IIS have been "rooted".
Re:sircam may me feel warm today though... (Score:1, Interesting)
The resulting picture got sent out to a bunch of people from the school and since then I've encountered it twice randomly over the internet. Once while looking through a humour website, and another time it was part of an email forward sent to my college roommate (who wasn't from my high school).
Re:Some advice to cut down on the runnin around. (Score:2, Interesting)
From the OpenBSD website: "Four years without a remote hole in the default install!"
Now, with the resources that M$ has, there's no reason why they shouldn't be able to say the same. The simple fact is that they've determined that they can make the public believe that they are not at fault, so it is more cost effective to add another "feature" to the OS. If General Motors didn't put airbags into their cars so that they could put in extra cup holders, would they be at fault? After all, it is the other car that actually caused the fatalities, right?
Re:SysAdmins....wake up (Score:3, Interesting)
That's the thing that really pisses me off, we spend the time to lock down and secure our networks, hours patching systems and making sure virus scanners are up to date and then we get slammed by servers we have no access to or control over - yet we are the IT dept.
If we can't maintain it and guarantee it safe then it should not be on my network dammit!
Windows Update?! (Score:2, Interesting)
For the past month or so, all that's been there are IE6 and Microsoft Messenger 3.6. Whoopie.
So, I'm safe. Nothing can touch me.
UNTIL I SEE THIS STORY ON SLASHDOT. That "command line tool" (hfnetchk) showed that I had 8 security patches I needed to apply, one of them had a WARNING next to it.
Uh, hello Microsoft? Is Windows Update NOT for security updates? Just a place to peddle your frickin MSN Messenger!? I'm sure there's thousands of people like me who think that since Microsoft doesn't have any security updates posted under the CRITICAL heading on Windows Update, that we're free and clear. Geeze.
eh... actually I'm glad about these viruses (Score:3, Interesting)
How to protect an intranet with Linux? (Score:2, Interesting)
How can I use the Linux firewall to protect all the machines inside it from those evil viruses? Any ideas/URLs? There *must* be something!
Re:9 PM? (Score:2, Interesting)
Except the user was right, of course - if you guys weren't using NT, or possibly just kept up on the patches from Microsoft and hoped that those patches didn't hose something else that was important, the Internet wouldn't be broken (or at least the only brokenness would be coming from machines outside of your site, which you could at least firewall off). Heaven forbid a user point out that you guys can't keep it together. The fact that you had to work really hard and still couldn't get things back up in a timely fashion doesn't fill me with sympathy at all, it just makes me wonder when you'll finally come to your senses and use a technology that doesn't let you down so badly. I'm guessing not too soon, though.
- ethereal, who bitches all the time about the Microsoftening of his workplace, because the IT team deserves to hear exactly how their "solutions" are working out. "Not well" is the answer.
We need 'Bandwidth Licenses' (Score:2, Interesting)
Class A: You can administer high-bandwidth connections (ISPs)
Class B: You can get broadband
Class C: 56k dialup max
Class D: 28.8 AOL for you!