MSBlast worm spreading quickly... First poly?


chatins
08-12-2003, 03:55 AM
The authors have a personal message for the MS founder, "Bill, why do you let this happen?" Why do some people seem to want to kick a dead horse, the NT security model?

This might be a precursor to the polymorphic virus (self changing) that could bring down the net.


http://news.com.com/2009-1002_3-5062485.html?tag=fd_lede1_hed

Jo.Mo.
08-12-2003, 04:19 AM
Originally posted by chatins
This might be a precursor to the polymorphic virus (self changing) that could bring down the net.

I doubt it will "bring down the net"; it will only slow down the parts that are running Windows, especially the Windows Update site. I know my machine will be safe from the maelstrom, if there ever is one.

dalek
08-12-2003, 04:32 AM
If it does cause the net to come down, only us 'smart' Linux users will be surfing the net on Linux servers. :cool: :cool: Oh, Macs too, I guess.

Linux good, Microsoft BAD. Windoze reminds me of a poorly designed car; always working on it, never driving it.

:D :D :D

andysimmons
08-12-2003, 04:34 AM
Bringing down the Internet isn't possible. It's like trying to end all employment. The net's all over the place...you'd have to go break the gateway of every network everywhere to take down the net. It's not going to happen.

superted
08-12-2003, 05:14 AM
Originally posted by andysimmons
Bringing down the Internet isn't possible. It's like trying to end all employment. The net's all over the place...you'd have to go break the gateway of every network everywhere to take down the net. It's not going to happen.

It is very possible. Until someone fixes it.

chatins
08-12-2003, 05:39 AM
Originally posted by dalek
If it does cause the net to come down, only us 'smart' Linux users will be surfing the net on Linux servers.

What about Linux desktops? Note to trusted computing initiative staff: http://www.timeandspace.org/tantrum.gif

DMR
08-12-2003, 06:27 AM
Originally posted by chatins
This might be a precursor to the polymorphic virus (self changing) that could bring down the net.

OFF'S !!! (pardon the FLA, but if I spelled it out in full I'd have to edit my own post for profanity).

Do your research - polys aren't anything new, so please stop spreading the FUD. Instead of posting links to alarmist articles which in and of themselves give the reader very little information, it would be more helpful if you directed people to sites such as
SARC (http://sarc.com/) so that they could track these viruses and worms themselves.

With that said, here's a link (http://sarc.com/avcenter/venc/data/w32.blaster.worm.html) to the Blaster worm's specifics.

carrja99
08-12-2003, 10:28 AM
Imagine my surprise when I went to my parents' house and stayed the night last night: when I went on the computer before bed, soon after I connected a window popped up telling me an RPC had terminated and that the system would reboot in 1 minute!

WTF!? How did the worm even spread? I checked Outlook to see if any infected emails had been sent, but it seemed that there hadn't!

Luckily, I got it removed for them and informed the ISP. Heh... another reason not to use Windows. I think I may not use XP after this anymore.

Hayl
08-12-2003, 10:45 AM
Microsoft released a patch for this vulnerability last month. It is people's own fault for not keeping their Windows product(s) up to date.

carrja99
08-12-2003, 10:56 AM
Originally posted by Hayl
Microsoft released a patch for this vulnerability last month. It is people's own fault for not keeping their Windows product(s) up to date.

And normal people like my parents (who are in their 50s), who have a hard enough time going where they want on the internet and checking their email, are expected to be able to keep up with all the security updates that MS releases each month?

Hayl
08-12-2003, 10:59 AM
My mother (who is 59 - will be 60 in October) doesn't have a problem with it. I wrote a document for her that explains exactly what to do and she does it and understands why she is doing it. For anything she needs done that she can't do herself, I VNC into her machine and do it for her. She even knows how to turn on VNC and open the correct port for it on her router (also a document I wrote for her on how to do it).

And for people who are not capable of going to Windows Update on their own and clicking two or three buttons (however many), they should have the auto-update turned on.

IMHO, keeping your system up-to-date (either on your own or having someone do it for you) is part of the responsibility of having a computer.

Anyway, I wasn't singling your parents out - I didn't even bother reading that post until after you posted the last one :) Sorry if you took it to mean them specifically.

carrja99
08-12-2003, 11:10 AM
Heh... no problem. :D

In fact, I've had auto-update turned on for them ever since I removed the worm last night. Hopefully, this doesn't happen again, as I could just imagine the confusion of them explaining what happened to me over the phone.

Hayl
08-12-2003, 11:12 AM
Originally posted by carrja99
Heh... no problem. :D

In fact, I've had auto-update turned on for them ever since I removed the worm last night. Hopefully, this doesn't happen again, as I could just imagine the confusion of them explaining what happened to me over the phone.

lol. Yes. I try to avoid on-the-phone descriptions from my mother. It's hopeless.

moojuece
08-12-2003, 11:13 AM
I have one Windows box I keep around for my wife... I quit doing all the updates because like once a week it was like 20 new updates... got old quick... anyway my Windows box got this thing last night... took me a couple of minutes to figure out what was going on and kill the worm and get back running... glad my servers are Linux... now here at work we are running into all of our field sales reps getting this... I work help desk... I sent out an email with the fix to all other help desk agents and 5 minutes later my supervisor emails all of us saying 'don't attempt to fix this yourself, send this to desktop to fix'... wonderful corporate America... let the workers suffer so some other piece of the machine can get all the credit for saving the day...

dalek
08-12-2003, 11:56 AM
chatins: What about Linux desktops? Note to trusted computing initiative staff:

What I meant was us folks using Linux desktops and surfing through Linux servers. I would assume the windoze junk to be DOA and techies slinging wrenches trying to fix. I do after all hate windoze. Notice how I capitalize Linux and don't windoze. It's on purpose. Linux is mine and windoze is rented.

Icarus
08-12-2003, 12:15 PM
Hehe, this is fun... my desk is in the same room as the Help Desk so I get to hear everything they do (and help them, since they need it :))

This worm just hit this morning and listening to these guys is like watching a 3 Stooges episode :D

"It's a hacker in our system"
"A virus..."
"It's a backdoor giving a hacker access..."

All the Win2k and XP systems in the company are constantly rebooting on everyone, but our location seems to be OK from all this (my work PC is Win2k, brought in my laptop which is WinXP/Red Hat 9... Ethereal is fun to watch with this going on :D)

Anyway, I'm OK and even if I wasn't I have Linux also so I can still get to my HP-UX system and work with little to no problems...

This is too much fun for me ROTFLMFAO!!! :D


Funniest thing is, last week our Net/Win Admin warned everyone about applying the patch to avoid this :p
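Watching the worm on the wire with Ethereal, as Icarus describes, becomes a mechanical check once the traffic pattern is written down. What follows is an added example that is not part of this thread or of any poster's setup: a Python script that runs over constructed iptables-style firewall log lines and flags sources that sweep TCP/135 across runs of consecutive addresses, then corroborates with the TCP/4444 command shell and the UDP/69 TFTP payload pull that the MS03-026/Blaster write-ups describe. The port numbers, thresholds, log format, and sample addresses are my assumptions, not facts stated in the thread.

```python
"""Flag sources that behave like a Blaster-style RPC/DCOM worm in firewall logs.

Added example, not from the thread. Assumes iptables-style LOG lines
(constructed in sample_log) and the worm's published network behaviour:
SYN sweeps of TCP/135 across runs of neighbouring addresses, a command shell
on TCP/4444 on the victim, and a TFTP (UDP/69) pull of the payload back from
the infecting host. The port numbers come from the MS03-026/Blaster write-ups,
not from the thread.
"""
import re
from collections import defaultdict
from ipaddress import ip_address

LOG_RE = re.compile(
    r"SRC=(?P<src>\d+\.\d+\.\d+\.\d+) DST=(?P<dst>\d+\.\d+\.\d+\.\d+) .*?"
    r"PROTO=(?P<proto>TCP|UDP) .*?DPT=(?P<dpt>\d+)"
)
SCAN_THRESHOLD = 20   # distinct TCP/135 targets before a source is flagged (assumed)
SWEEP_RATIO = 0.8     # fraction of consecutive targets that marks a linear sweep (assumed)


def parse(line):
    """Return (src, dst, proto, dport) for a LOG line, or None if it does not match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return m["src"], m["dst"], m["proto"], int(m["dpt"])


def sequential_fraction(targets):
    """Share of sorted targets whose successor is exactly one address higher."""
    ints = sorted(int(ip_address(t)) for t in targets)
    if len(ints) < 2:
        return 0.0
    steps = sum(1 for a, b in zip(ints, ints[1:]) if b - a == 1)
    return steps / (len(ints) - 1)


def analyse(lines):
    """Map each suspicious source address to the list of reasons it was flagged."""
    rpc_targets = defaultdict(set)  # source -> hosts it probed on TCP/135
    shell_clients = set()           # sources that opened TCP/4444 on someone
    tftp_servers = set()            # hosts that received a UDP/69 request
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        src, dst, proto, dport = rec
        if proto == "TCP" and dport == 135:
            rpc_targets[src].add(dst)
        elif proto == "TCP" and dport == 4444:
            shell_clients.add(src)
        elif proto == "UDP" and dport == 69:
            tftp_servers.add(dst)

    findings = {}
    for src, targets in rpc_targets.items():
        if len(targets) < SCAN_THRESHOLD:
            continue   # a few TCP/135 connections are ordinary DCOM traffic
        reasons = [f"{len(targets)} distinct TCP/135 targets"]
        ratio = sequential_fraction(targets)
        if ratio >= SWEEP_RATIO:
            reasons.append(f"{ratio:.0%} of targets are consecutive addresses (linear sweep)")
        if src in shell_clients:
            reasons.append("also connected to a TCP/4444 backdoor shell")
        if src in tftp_servers:
            reasons.append("served a UDP/69 TFTP request (payload pull)")
        findings[src] = reasons
    return findings


def sample_log():
    """Constructed iptables LOG lines, not a real capture: one sweeping host, one benign one."""
    fmt = ("Aug 12 09:14:{s:02d} fw kernel: IN=eth0 OUT= SRC={src} DST={dst} "
           "LEN=48 TTL=128 PROTO={proto} SPT={spt} DPT={dpt}{tail}")
    lines = [fmt.format(s=i, src="10.0.0.5", dst=f"10.0.1.{i}", proto="TCP",
                        spt=1100 + i, dpt=135, tail=" SYN") for i in range(1, 31)]
    lines.append(fmt.format(s=31, src="10.0.0.5", dst="10.0.1.7", proto="TCP",
                            spt=1131, dpt=4444, tail=" SYN"))
    lines.append(fmt.format(s=32, src="10.0.1.7", dst="10.0.0.5", proto="UDP",
                            spt=1025, dpt=69, tail=""))
    lines += [fmt.format(s=40 + i, src="10.0.0.9", dst="10.0.0.1", proto="TCP",
                         spt=2000 + i, dpt=135, tail=" SYN") for i in range(3)]
    lines.append(fmt.format(s=45, src="10.0.0.9", dst="10.0.0.2", proto="TCP",
                            spt=2003, dpt=80, tail=" SYN"))
    return lines


if __name__ == "__main__":
    for host, why in analyse(sample_log()).items():
        print(host, "->", "; ".join(why))
```

A handful of TCP/135 connections from one workstation to a file or domain server is normal DCOM traffic, which is why the script keys on breadth and on address order rather than on the port alone; SCAN_THRESHOLD and SWEEP_RATIO are starting points to tune per network.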

andysimmons
08-12-2003, 12:33 PM
Originally posted by superted
It is very possible. Until someone fixes it.

Fixes what? Fixes the fact that until every gateway of EVERY network EVERYWHERE is broken the Internet isn't coming completely down? Tell me how this is "very possible"...

andysimmons
08-12-2003, 12:44 PM
Originally posted by mahdi
Hehe, this is fun... my desk is in the same room as the Help Desk so I get to hear everything they do... This is too much fun for me ROTFLMFAO!!! :D

Haha same here. This hit us yesterday afternoon and everyone was clueless... I love listening in! Well, off to work again...

glussier
08-12-2003, 01:32 PM
i have one windows box i keep around for my wife...i quit doing all the updates because like once a week it was like 20 new updates....


I don't know how you got 20 updates a week. Since the release of WinXP SP1, on Sept 22nd 2002, I got 22 hotfixes and 1 OE update, far from the 20 updates/week you are talking about. Just since last Friday, I received 2 security updates from Redhat.

Hayl
08-12-2003, 01:42 PM
Originally posted by glussier
I don't know how you got 20 updates a week. Since the release of WinXP SP1, on Sept 22nd 2002, I got 22 hotfixes and 1 OE update, far from the 20 updates/week you are talking about. Just since last Friday, I received 2 security updates from Redhat.

ditto.

glussier you took the words right out of my mouth :)

CMonster
08-12-2003, 02:04 PM
like once a week it was like 20 new updates

Note the double use of the word "like" and I think you will agree that he was either exaggerating or emphasizing his point that the Windows box required what he considered a substantial number of updates/patches in a rather short time - I understood that he wasn't talking literally -- like sorry, it's just like the way we Yanks like abuse the English language like ya know.

DMR
08-12-2003, 03:59 PM
Originally posted by CMonster
--like sorry, it's just like the way we yanks like abuse the english language like ya know.

duuuuude, like, that's just so like, ya know... deep, duuuude.

:D

The Linux Kid
08-12-2003, 04:45 PM
I'm completely immune to most viruses.

My Linux box picks up the e-mail from my ISP with fetchmail running as a cron job. My W2K box then calls the Linux box via POP3 and pulls all the e-mails, running them through Norton AntiVirus and iHateSpam (iHateSpam is great!! only made for doze though :( )

That system works so well! Never gone down (apart from the W2K box when I tried multitasking lol). Never had a virus infect me. NEVER!! I'm so happy.

(sorry about the above, sugar overdose lol)

The Linux Kid.

serz
08-12-2003, 04:57 PM
Originally posted by Hayl
Microsoft released a patch for this vulnerability last month. It is people's own fault for not keeping their Windows product(s) up to date.
Thanks for the info Hayl, didn't know that. Then, I guess that's why I'm not having this problem in my dad/brother's computer because I keep everything up to date.

And yea.. this worm is spreading very quickly...

The Whizzard
08-12-2003, 05:31 PM
Watching the local news this afternoon, it seems this worm took down the entire Maryland MVA. All offices closed by noon. Good thing I didn't need to renew my license today!:eek: http://www.nbc4.com/technology/2399849/detail.html

0x12d3
08-12-2003, 06:19 PM
Auto-update is a good thing usually; but at my job (tech.supp) day in and out I hear people complaining. "It was working fine this morning... it just quit". A good portion of those users I am able to get connected to the internet again, and what is the first page to pop up but the windows update page.

JesseJames
08-12-2003, 07:59 PM
I just tried to access Windows Update to update my parents' computer and it seems to be taking a very long time to load the main page. After 5 minutes it still only has the topic loaded.

I have disabled auto-update as I want to know what is happening on my computers so I only update it when I want to and when I have time.

Suramya
08-12-2003, 08:31 PM
Mahdi & andysimmons: You are both very very evil people, enjoying when everyone at the helpdesk is suffering. :D

I work at the helpdesk at my university and we got flooded with calls as pretty much every Windows system on the network got infected. And trust me, it wasn't funny to us poor fellows taking calls and trying to convince people that waiting is the only option they have until the virus gets filtered out. (Today was the last day to submit grades for summer classes so there was additional panic 'cause of that)

At least my home machines are OK so far as I rarely boot into Windows. :) So I get to laugh and relax while everyone else is busy patching up their systems...

It's not possible to take down the internet fully, but it's possible to give the impression that it has been taken down if enough gateways and major nodes are down. I know that most people at my college thought that the internet was down today 'cause the gateway & proxy servers were down and they couldn't access their favorite sites... just something to think about.

Cya,
Suramya

bones996
08-12-2003, 08:55 PM
I almost had to laugh when a friend called me to tell me about this & it had infected his computer & could I fix it for him. I told him - yeah install linux, but... :( Anyways I can see the same thing happening to linux in the future when it becomes more popular. Although with the open source community, so far, we seem to be less affected by worms & the like because so many people look at the code & a "fix" is available before there is a problem. But, the problem is that some people don't keep their systems up to date & it then affects other people as well - people trying to access a daily website that is down & the like.

People should be more responsible with their computers. Just my .02 cents though if anyone cares :D

chatins
08-12-2003, 10:31 PM
I was helping Windows dependent users recover from the virus when an MCSE that works with me made a CD that cleans and patches very quickly when inserted in an infected system. Worms are a common enemy, so Linux and Microsoft forces should work cooperatively on MSBlaster and some very polished variations that may follow.

Originally posted by bones996
Although with the open source community, so far, we seem to be less affected by worms & the like because so many people look at the code & a "fix" is available before there is a problem.

MS needs to go back to the drawing board on Longhorn and use an open source security model. Buying a Linux antivirus company like RAV is a step in the right direction.

MighMos
08-12-2003, 10:50 PM
Couldn't you 'in theory' take down the internet by attacking the DNS servers? It'd still be there, but unreachable by the masses.

anmaxp
08-12-2003, 11:24 PM
I just laughed my *** off after my mom called me this morning to tell me she had a virus on her office PC. Just to watch XP go down was fun... anyways I got it fixed (booted into Linux and typed rm /mnt/windows/windows/system32/msblaster.exe /mnt/windows/windows/system32/tftp344)

See, even here Linux saves the day :)
Nice to know that as soon as I got home my baby would still be up & running

Dutch Mafia-boy.
08-12-2003, 11:48 PM
Did it ever cross anybody's mind that if everyone is scrambling to Windows Update... they are running IIS... just maybe it will bring all their web servers to their knees... it took forever to do a Windows Update today... and our company is on a T1.

It would be a good "ego crusher" for Microsoft who insist that IIS is (or will be - Windows 2003) the far superior web server than open source solutions -

Microsoft Corporate Executive: "The only reason this Apache stuff is running 90% of all websites is because they didn't know we had a web server - not because they thought open source web servers were actually the superior solution - I mean, c'mon - we're Microsoft - our software is built on stability and security"

anmaxp
08-13-2003, 12:09 AM
Microsoft Corporate Executive: "The only reason this Apache stuff is running 90% of all websites is because they didn't know we had a web server - not because they thought open source web servers were actually the superior solution - I mean, c'mon - we're Microsoft - our software is built on stability and security"

hahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahaha funniest thing i've heard all day......

stability and security.... pleaaaaaaaaaaase!!!!!!!!

teeitup
08-13-2003, 12:54 AM
Who really cares about your desktop.

What about your ISP? You're cut off.

What about your bank, credit card company, emergency services, hospitals and an infinite number of other targets.

It's difficult for large companies. Hundreds of servers can't all just be rebooted. It becomes an enormous undertaking and takes days to implement a patch on short notice. If systems don't meet the min req then you have more issues.

We should all be concerned.

Scytzo
08-13-2003, 01:12 AM
Just like to state a few things.

One, this is not a polymorphic worm. Polys have been around for a while and they are still easy to handle; obviously some are harder than others, but they are not as bad as you think.

Two, If you would just turn on friggen auto update or apply the patches yourself you'd have nothing to worry about. This is just like anything, if you put a little effort towards it you have nothing to worry about.

Three, it's not possible to "take down" the internet. The Internet was designed to withstand a nuclear holocaust; a few DoSing script kiddies are not going to take it down. Yes, if you could crash the root DNS servers it would grind a lot of stuff to a halt, but new DNS servers would be up faster than you can imagine, not to mention the fact that all the downstream DNS servers have cached copies of all the major records. Some of which would work, some of which would not. The point is that the internet, in the purest form of what the internet is, can NOT be taken down.

-Peace
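The point Scytzo makes about downstream nameservers answering from cache while the root or authoritative side is unreachable is easy to see with a toy model. The following is an added example, not from this thread: a small Python caching resolver with an explicit clock, where records keep resolving from cache until their TTL runs out and an upstream outage therefore degrades lookups one name at a time. The names, addresses, TTLs and clock values are constructed for illustration.

```python
"""Toy caching resolver: which names still resolve when upstream DNS is unreachable.

Added example, not from the thread. It models the claim in the post above that
downstream caching nameservers keep answering from cached records, so an
upstream outage degrades resolution one TTL at a time rather than all at once.
Names, addresses, TTLs and clock values are constructed; the clock is an
explicit parameter so the run is deterministic.
"""


class Upstream:
    """Stand-in for the authoritative side: a static zone that can be switched off."""

    def __init__(self, records):
        self.records = dict(records)   # name -> (address, ttl_seconds)
        self.reachable = True

    def query(self, name):
        if not self.reachable:
            raise TimeoutError(f"no answer from upstream for {name}")
        if name not in self.records:
            raise LookupError(name)    # NXDOMAIN
        return self.records[name]


class CachingResolver:
    """Recursive resolver that caches answers until their TTL runs out."""

    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}                # name -> (address, expires_at)

    def resolve(self, name, now):
        """Return (address, source) where source is 'cache' or 'upstream'."""
        hit = self.cache.get(name)
        if hit is not None and hit[1] > now:
            return hit[0], "cache"
        # Expired or unknown: go upstream. No serve-stale here, so an
        # expired record is as good as no record once upstream is gone.
        address, ttl = self.upstream.query(name)
        self.cache[name] = (address, now + ttl)
        return address, "upstream"


def outage_report(resolver, names, now):
    """Resolve each name at time `now` and label the outcome the way a resolver would."""
    report = {}
    for name in names:
        try:
            address, source = resolver.resolve(name, now)
            report[name] = f"{address} ({source})"
        except TimeoutError:
            report[name] = "SERVFAIL"
        except LookupError:
            report[name] = "NXDOMAIN"
    return report


def demo():
    """Warm the cache, cut the upstream, then query 400 s into the outage."""
    upstream = Upstream({
        "www.justlinux.example": ("192.0.2.10", 3600),   # long TTL survives the outage
        "news.example": ("192.0.2.20", 300),             # short TTL expires during it
    })
    resolver = CachingResolver(upstream)
    for name in ("www.justlinux.example", "news.example"):
        resolver.resolve(name, now=0)                    # populate the cache at t=0
    upstream.reachable = False                           # the outage begins
    return outage_report(
        resolver,
        ["www.justlinux.example", "news.example", "never.seen.example"],
        now=400,
    )


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:24} {outcome}")
```

The model deliberately drops expired records; a resolver that implements serve-stale (RFC 8767) would keep answering with the expired address for a while longer, which stretches the same effect out rather than changing it.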

joelc
08-13-2003, 08:44 AM
Due to frequent crashes I had reinstalled XP on my machine the day before the worm came out. Needless to say I didn't have time to apply all the patches, especially as I'm stuck with a dial-up connection. It was really annoying to suddenly start getting these windows popping up saying something along the lines of "Windows needs to shut down because the RPC service has stopped suddenly", with a 60-second countdown going. At least it's easy enough to open a command prompt, type shutdown -a, and restart the RPC service, but still annoying nonetheless. Especially because I also have to use the command prompt to disconnect from the internet or copy or move files after that. Anyway, I'm virus free now.

asklepios
08-13-2003, 10:18 AM
I just did "ps -ef" and found two processes with uid "rpc" and "rpcuser".
I killed them and they haven't appeared again, but I want to know what it was.
Was it the same worm trying to gain access to my Mandrake PC? Can it access my hard drives from the Linux install... though two of my HDs have NTFS... so affecting them would be impossible from Linux, but one of them has FAT32 and I have Mandrake... thus giving full access to that one drive.
What should I do? Should I install a firewall and anti-virus on Linux too?
Though I have searched the forums and found that there is no need for doing it, I'm just asking for safety's sake.

BTW about the worm... well, only those users are affected who haven't applied a patch that was released around one month back. In fact you could see warnings all over the net that you should install the patch, but I guess people learn only after they have been hit on their shins. I bet that people will be more careful in having patches installed from now on.

moojuece
08-13-2003, 10:33 AM
The worm exploits a security hole in Windows... this hole doesn't exist in Linux, nor could the code run on Linux unless you went through the trouble of porting it... then I doubt it would do anything anyway... when logged into any Linux distro your Windows mounts are safe from harm....

jedthehumanoid
08-13-2003, 12:37 PM
Originally posted by Hayl
imho, keeping your system up-to-date (either on your own or having someone do it for you) is part of the responsibility of having a computer.

If someone is on a dialup connection, those updates would seem to be not worth the trouble, as they are service packs that range 20 to 30 megs in size and offer no obvious functionality. Kind of a deterrent.

Also, what about those people out there that don't have a good knowledgeable soul such as yourself who can inform them that they need to keep their box up to date to stop this kind of thing from happening.

Nobody has informed the most faithful MS customers that they should wait a year or so after the release of an OS because the people who buy it first are in a sense the beta testers. That's the way they've been doing things for quite a while. Awful. And they have the nerve to claim to be secure.

And then, if they've waited, they have loads of downloads to do in order to secure their box. And all that after paying large amounts of cash for either a computer or even just the OS.

-just another rant. please forgive;)

glussier
08-13-2003, 01:59 PM
If someone is on a dialup connection, those updates would seem to be not worth the trouble, as they are service packs that range 20 to 30 megs in size and offer no obvious functionality. Kind of a deterrent.

There was only 1 service pack since the release of WinXP, more than 2 years ago, and SP1 contains all the security updates up to its release date. Most security updates after the release of SP1 are less than 2 MB, so even on a 56k modem it's not that bad. What would be the volume of downloads you would have to make if you were to upgrade Redhat 8.0 to Redhat 9.0, noting that upgrades in Redhat don't have a history of working that great when you decide to skip a version number?

phlipant
08-13-2003, 02:23 PM
What would be the volume of downloads you would have to make if you were to upgrade Redhat 8.0 to Redhat 9.0, noting that upgrades in Redhat don't have a history of working that great when you decide to skip a version number?

You can say that again, it's almost 500 MB.

jedthehumanoid
08-13-2003, 02:25 PM
Originally posted by glussier
There was only 1 service pack since the release of WinXP, more than 2 years ago, and SP1 contains all the security updates up to its release date. Most security updates after the release of SP1 are less than 2 MB, so even on a 56k modem it's not that bad. What would be the volume of downloads you would have to make if you were to upgrade Redhat 8.0 to Redhat 9.0, noting that upgrades in Redhat don't have a history of working that great when you decide to skip a version number?

The following is quoted from their website in reference to Service Pack 1a for WinXP:



Most users choose the Express installation to update their personal computers. The download size varies, depending on how recently you have used the Windows Update online service. The typical 30-megabyte download will take approximately 90 minutes with a dial-up connection and a 56k modem, or 3-5 minutes with a broadband Internet connection....

No need to fret though, since they allow you to order the CD for 10 American dollars. You just have to wait 2-4 weeks for delivery. And it wouldn't of course do much good if your computer won't stay turned on long enough to order it. -- I'm not trying to be an a$$, I'm just saying that even after switching to Linux because of stuff like this, it still bothers me. I think one big reason I hate this is because Microsoft is constantly bashing (no pun intended) Open Source Software.

...In reference to your statement about Red Hat updates, I just don't know as I don't use Red Hat.

JCool451
08-13-2003, 02:41 PM
My ISP is really messed up because of this. I can barely get online. :( (Only certain ports work.) A friend and I called them and got a pre-recorded message about an unnamed virus attacking/infecting them or something.

The Linux Kid
08-13-2003, 03:51 PM
My broadband is safe from most viruses since the main servers run off *nix. Sure, some of the "special members only pages" aren't working, but who needs them?? I'm content with a connection that lets me onto my favourite websites (JustLinux topping that list lol)

</rant>

asklepios
08-13-2003, 04:05 PM
Originally posted by jedthehumanoid
If someone is on a dialup connection, those updates would seem to be not worth the trouble, as they are service packs that range 20 to 30 megs in size and offer no obvious functionality. Kind of a deterrent.

I don't understand why you guys are arguing over installing updates?
No one is a beta tester here... everyone has a full working install.
I dual boot WinXP and MDK 9.1 and I would not leave either of them without installing updates.
Since I'm new to MDK 9.1 I had to update it and I downloaded like 200 MB of updates last night... so I'm not tooting over it. What's the point in saying that MS releases updates... so do Linux distros. It's an integral part of any OS on earth... flaws are found and they are patched... that is how it goes. Isn't it?
You're talking 'bout huge updates that range from 20 to 30 megs... well I must assure you that if MS releases SP2 today the express install won't find any updates that need to be installed on my XP. Why, you might ask... well I'm regular to Windows Update and do so regularly so no huge update files for me...
This worm is a wake up call for all those users who take life easy and don't even bother to keep one handy piece of software switched 'on' that will update their installs "automatically".

moojuece, thanks for the info mate :)

JCool451
08-26-2003, 04:25 AM
Bringing down the internet isn't done very easily, but you could make it really slow. Just be glad the root name servers aren't running windows. :)

mage492
08-26-2003, 04:21 PM
Maybe we should start memorizing those IP addresses of our favorite sites, just in case DNS goes down! :D

Anyway, here's something I'm wondering. WHY would someone write a virus, like this one? I mean, the slow internet's going to hurt them just as much as everyone else. Also, aren't THEY going to stand a good chance of getting infected (unless they wrote their own security patch, which isn't likely)?

How could someone smart enough to write one of these not realize that it hurts themselves as much as everyone else?

moojuece
08-26-2003, 04:43 PM
Originally posted by mage492
How could someone smart enough to write one of these not realize that it hurts themselves as much as everyone else?

That is a question I believe many people have asked before and I wonder about every day...
I believe it is a common saying that even dogs don't sh*t where they eat (granted my dogs eat sh*t anyway). Often makes me wonder how we are the superior ones....

Suramya
08-26-2003, 06:32 PM
Originally posted by mage492
Also, aren't THEY going to stand a good chance of getting infected (unless they wrote their own security patch, which isn't likely)?

Maybe they are running Linux :D (Not very likely though)

- Suramya

carrja99
08-26-2003, 06:42 PM
Originally posted by chatins

This might be a precursor to the polymorphic virus (self changing) that could bring down the net.


http://news.com.com/2009-1002_3-5062485.html?tag=fd_lede1_hed

I am curious... how is it common knowledge that a polymorphic virus will bring down the internet? How do YOU know that the end of the internet is caused by a polymorphic virus? You kind of state it as a fact... did you see it in your crystal ball?

chatins
08-26-2003, 09:06 PM
Polymorphism

Ad-hoc polymorphism (better described as overloading) is the ability to use the same syntax for objects of different types, e.g. "+" for addition of reals and integers or "-" for unary negation or diadic subtraction. Parametric polymorphism allows the same object code for a function to handle arguments of many types but overloading only reuses syntax and requires different code to handle different types.
---------------------------------------------------------------

I'm actually typing about the overloading part. ;)