Anyone here been affected by the latest worm?

Discussion in 'NZ Computing' started by GraB, Aug 13, 2003.

  1. GraB

    GraB Guest

    Win98SE user would be interested to know. ;-)
    GraB, Aug 13, 2003
    #1

  2. "GraB" <> wrote in message
    news:...
    > Win98SE user would be interested to know. ;-)


    It can't infect Win98 machines.

    Cheers,
    Nicholas Sherlock
    Nicholas Sherlock, Aug 13, 2003
    #2

  3. GraB

    dOTdASH Guest

    "GraB" <> wrote in message
    news:...
    > Win98SE user would be interested to know. ;-)


    No, I applied the patch a few days after it was released. What's more I made
    sure my friends and customers did too so now they luff me :)

    Starting next week I'm going to start cold calling customers of my
    competitors and ask them how well their current IT services supplier did in
    warning them beforehand. Money for jam :)
    dOTdASH, Aug 13, 2003
    #3
  4. GraB

    cowboyz Guest

    Yep. I got it. It was about 2 hours inconvenience while I downloaded the
    patch and installed it and found a virus killer to kill it. No big deal
    really.


    --
    "It's what you learn after you know it all that counts."

    "GraB" <> wrote in message
    news:...
    > Win98SE user would be interested to know. ;-)
    cowboyz, Aug 13, 2003
    #4
  5. "cowboyz" <> wrote in message
    news:bhe88v$475$...
    > Yep. I got it. It was about 2 hours inconvenience while I downloaded the
    > patch and installed it and found a virus killer to kill it. No big deal
    > really.
    >
    >
    > --
    > "It's what you learn after you know it all that counts."
    >
    > "GraB" <> wrote in message
    > news:...
    > > Win98SE user would be interested to know. ;-)

    >
    >


    I got it about a week ago.
    At that time, no-one knew what it was so I thought it was a REAL bug and
    re-installed XP.
    Imagine how pissed off I was when I discovered the problem was still there
    :-(
    Cured now though :)

    Russell
    Russell Smithies, Aug 13, 2003
    #5
  6. GraB

    Rob Guest

    "Gavin Tunney" <> wrote in message
    news:...
    > On Thu, 14 Aug 2003 02:49:09 +1200, GraB <> wrote:
    >
    > >Win98SE user would be interested to know. ;-)

    >
    > I'd be interested in knowing if it affects those behind a NAT router.
    > Can't see how it could get through one, but RPC has so many
    > dependencies anything seems possible with it.
    >


    Ain't seen hide nor hair of it behind my netgear router :)
    Rob, Aug 14, 2003
    #6
  7. GraB

    lily Guest

    Robert Mathews wrote:

    > On Thu, 14 Aug 2003 02:49:09 +1200, GraB <> wrote:
    >
    >
    >>Win98SE user would be interested to know. ;-)

    >
    >
    >
    >
    > Only if you are an Idiot..
    >
    >

    It's easy to spot the weal woger <plonk>
    lily, Aug 14, 2003
    #7
  8. Robert Mathews wrote:
    > Only if you are an Idiot..


    So you got hit pretty hard then, huh ?
    Robert Mathews, Aug 14, 2003
    #8
  9. GraB

    SteveM Guest

    (Gavin Tunney) wrote in news:3f3abfef.6707850@news.xtra.co.nz:

    > On Thu, 14 Aug 2003 02:49:09 +1200, GraB <> wrote:
    >
    >>Win98SE user would be interested to know. ;-)

    >
    > I'd be interested in knowing if it affects those behind a NAT router.
    > Can't see how it could get through one, but RPC has so many
    > dependencies anything seems possible with it.
    >
    > I'd also be interested in some explanations as to why this was able to
    > happen on default installations of Windows. Obviously something was
    > enabled which shouldn't have been. It's one thing to get worms like
    > this through misconfiguration by a user, but a bad config out of the
    > box is pretty poor.
    >
    > Gavin


    No problem with 3 comps behind a Nokia M11.

    SteveM
    SteveM, Aug 14, 2003
    #9
  10. GraB allegedly said:

    > Win98SE user would be interested to know. ;-)


    Win95/98/SE/ME and Linux/*BSD/MacOS/BeOS

    .....are not affected.

    Just the new MS OSes are affected.

    The ones they created after security became a major concern.
    Henry Sidgwick, Aug 14, 2003
    #10
  11. GraB

    art Guest

    On Thu, 14 Aug 2003 14:15:35 +1200, Henry Sidgwick
    <> wrote:

    >GraB allegedly said:
    >
    >> Win98SE user would be interested to know. ;-)

    >
    >Win95/98/SE/ME and Linux/*BSD/MacOS/BeOS
    >
    >....are not affected.
    >
    >Just the new MS OSes are affected.
    >
    >The ones they created after security became a major concern.


    NT is hardly new, NT 4 came out when 95 was being sold. Don't know if
    it affects older versions of NT but probably does.
    art, Aug 14, 2003
    #11
  12. GraB

    R-Slicks Guest

    Most routers perform NAT which effectively 'hides' your internal
    clients from the outside world unless you pinhole for specific
    services. As this worm propagates through TCP port 135 (and others,
    once it is in) then most people behind NATing devices are unlikely to
    get it. You'd have to *really* have cocked up to have 135 open through
    the router. All users we saw affected were on dialup. Not one of our
    SLA customers got hit because a) they were already patched and b) they
    are all [I think] behind firewalls of one form or another..

    As to your second point : I doubt you will ever find software that is
    100% bug free out of the box. That's all this was, nothing more. This
    vulnerability was heavily notified by both MS and most of the dozen or
    so tech newsletters that I subscribe to so there was no real excuse
    for missing it for those in the IT world.



    On Wed, 13 Aug 2003 22:53:18 GMT, (Gavin Tunney)
    wrote:

    >On Thu, 14 Aug 2003 02:49:09 +1200, GraB <> wrote:
    >
    >>Win98SE user would be interested to know. ;-)

    >
    >I'd be interested in knowing if it affects those behind a NAT router.
    >Can't see how it could get through one, but RPC has so many
    >dependencies anything seems possible with it.
    >
    >I'd also be interested in some explanations as to why this was able to
    >happen on default installations of Windows. Obviously something was
    >enabled which shouldn't have been. It's one thing to get worms like
    >this through misconfiguration by a user, but a bad config out of the
    >box is pretty poor.
    >
    >Gavin


    --
    DO NOT reply to - it is simply a spam catch.
    You can, if you wish, try "news .at. preou .dot. com"
    R-Slicks, Aug 14, 2003
    #12
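
The NAT behaviour described in post #12, as an added example that is not part of the original thread: a toy model of a NAT router showing that an unsolicited inbound connection to TCP 135 is dropped unless a port forward ("pinhole") exists, plus an audit that flags such forwards. The class and function names, the addresses and the per-remote session filtering are assumptions made for illustration.

```python
from dataclasses import dataclass, field

RPC_PORT = 135  # TCP port the thread says the worm propagates through


@dataclass
class NatRouter:
    """Toy NAPT device (hypothetical model): one public address, private hosts behind it."""
    forwards: dict = field(default_factory=dict)  # public port -> (private ip, port)
    sessions: dict = field(default_factory=dict)  # public port -> (ip, port, remote ip, remote port)
    next_port: int = 40000

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """An inside host opens a connection; the router allocates a public port."""
        public_port = self.next_port
        self.next_port += 1
        self.sessions[public_port] = (src_ip, src_port, dst_ip, dst_port)
        return public_port

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the private (ip, port) an inbound packet reaches, or None if dropped."""
        s = self.sessions.get(public_port)
        if s and (s[2], s[3]) == (remote_ip, remote_port):
            return s[0], s[1]  # reply to a connection started from inside
        # Unsolicited traffic: only a configured pinhole lets it through.
        return self.forwards.get(public_port)


def exposed_rpc(router):
    """Audit: list port forwards that expose TCP 135 on an inside host."""
    return [(pub, dst) for pub, dst in sorted(router.forwards.items())
            if pub == RPC_PORT or dst[1] == RPC_PORT]


def demo():
    # All addresses are constructed (documentation and private ranges).
    outside = ("203.0.113.9", 51515)
    default = NatRouter()  # default configuration: no forwards
    pub = default.outbound("192.168.1.10", 3000, "198.51.100.5", 80)
    pinholed = NatRouter(forwards={135: ("192.168.1.10", 135)})
    return {
        "reply": default.inbound("198.51.100.5", 80, pub),
        "unsolicited_135": default.inbound(*outside, RPC_PORT),
        "pinholed_135": pinholed.inbound(*outside, RPC_PORT),
        "audit_default": exposed_rpc(default),
        "audit_pinholed": exposed_rpc(pinholed),
    }
```

A dialup machine has no such device in front of it, so the same inbound packet arrives at the host's own port 135 directly.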
  13. GraB

    R-Slicks Guest

    On Thu, 14 Aug 2003 14:15:35 +1200, Henry Sidgwick
    <> wrote:

    >GraB allegedly said:
    >
    >> Win98SE user would be interested to know. ;-)

    >
    >Win95/98/SE/ME and Linux/*BSD/MacOS/BeOS
    >
    >....are not affected.
    >
    >Just the new MS OSes are affected.
    >
    >The ones they created after security became a major concern.



    Or, possibly, because those are the operating systems that have the
    RPC service which is the culprit.
    Security for MS didn't become a major concern until *after* NT and
    2000. It was mostly the constant exploits found in IIS that drove MS
    and its 'trustworthy computing' initiative. Ok, that's a bit of a
    generalisation, but basically the crux of it...


    --
    DO NOT reply to - it is simply a spam catch.
    You can, if you wish, try "news .at. preou .dot. com"
    R-Slicks, Aug 14, 2003
    #13
  14. On Thu, 14 Aug 2003 14:15:35 +1200, Henry Sidgwick
    <> scribbled:

    >GraB allegedly said:
    >
    >> Win98SE user would be interested to know. ;-)

    >
    >Win95/98/SE/ME and Linux/*BSD/MacOS/BeOS
    >
    >....are not affected.
    >
    >Just the new MS OSes are affected


    I wouldn't call Windows NT4.0 new..

    --
    Phillip Weston
    Taumarunui, New Zealand

    Remove the obvious spamblock to reply via e-mail.
    Phillip Weston, Aug 14, 2003
    #14
  15. GraB

    -=rjh=- Guest

    Gavin Tunney wrote:

    > On Thu, 14 Aug 2003 02:49:09 +1200, GraB <> wrote:
    >
    >>Win98SE user would be interested to know. ;-)

    >
    > I'd be interested in knowing if it affects those behind a NAT router.
    > Can't see how it could get through one, but RPC has so many
    > dependencies anything seems possible with it.


    Seems OK behind a DSE ADSL router, here. Default configuration.

    >
    > I'd also be interested in some explanations as to why this was able to
    > happen on default installations of Windows. Obviously something was
    > enabled which shouldn't have been. It's one thing to get worms like
    > this through misconfiguration by a user, but a bad config out of the
    > box is pretty poor.


    I agree; I had two phone calls about this worm last night. One was from
    in-laws who had just bought a new Compaq system running XP - it has been
    rendered unusable. The system configuration will not have been changed by
    the owner. I suggested they try the MS help desk :)

    The other call involved a friend with two systems; an XP system that I'd
    enabled the built in firewalling was not infected - why isn't the firewall
    enabled by default? An unpatched W2K laptop next to it was infected. No big
    deal, a waste of time but really quite easy to fix. Next time will probably
    be different.

    cheers
    -=rjh=-, Aug 14, 2003
    #15
  16. On Thu, 14 Aug 2003 22:34:51 +1200, "-=rjh=-" <> wrote:

    >Gavin Tunney wrote:
    >
    >> On Thu, 14 Aug 2003 02:49:09 +1200, GraB <> wrote:
    >>
    >>>Win98SE user would be interested to know. ;-)

    >>
    >> I'd be interested in knowing if it affects those behind a NAT router.
    >> Can't see how it could get through one, but RPC has so many
    >> dependencies anything seems possible with it.

    >
    >Seems OK behind a DSE ADSL router, here. Default configuration.
    >
    >>
    >> I'd also be interested in some explanations as to why this was able to
    >> happen on default installations of Windows. Obviously something was
    >> enabled which shouldn't have been. It's one thing to get worms like
    >> this through misconfiguration by a user, but a bad config out of the
    >> box is pretty poor.

    >
    >I agree; I had two phone calls about this worm last night. One was from
    >in-laws who had just bought a new Compaq system running XP - it has been
    >rendered unusable. The system configuration will not have been changed by
    >the owner. I suggested they try the MS help desk :)
    >
    >The other call involved a friend with two systems; an XP system that I'd
    >enabled the built in firewalling was not infected - why isn't the firewall
    >enabled by default? An unpatched W2K laptop next to it was infected. No big
    >deal, a waste of time but really quite easy to fix. Next time will probably
    >be different.
    >
    >cheers




    And why did you not install the MS Updates..?
    Robert Mathews, Aug 14, 2003
    #16
  17. "-=rjh=-" <> wrote in message
    news:...
    > The other call involved a friend with two systems; an XP system that I'd
    > enabled the built in firewalling was not infected - why isn't the firewall
    > enabled by default? An unpatched W2K laptop next to it was infected. No big

    The firewall in XP is enabled by default. Gets enabled when you create a
    dialup connection, meanwhile if you're on a LAN and run the networking
    wizard it configures the ICF firewall too.
    Nathan Mercer, Aug 14, 2003
    #17
  18. Thus spake cowboyz:
    > Yep. I got it. It was about 2 hours inconvenience while I downloaded the
    > patch and installed it and found a virus killer to kill it. No big deal
    > really.

    Assuming nobody downloaded your personal files in the meantime ;)
    --
    aaronl at consultant dot com
    http://homepages.visp.co.nz/~aaronlawrence
    ...Gross Ignorance: 144 times worse than ordinary ignorance.
    Aaron Lawrence, Aug 14, 2003
    #18
  19. "GraB" <> wrote in message
    news:...
    > On Thu, 14 Aug 2003 07:21:13 +1200, "Nicholas Sherlock"
    > <> wrote:
    >
    > >"GraB" <> wrote in message
    > >news:...
    > >> Win98SE user would be interested to know. ;-)

    > >
    > >It can't infect Win98 machines.
    > >
    > >Cheers,
    > >Nicholas Sherlock
    > >

    > Yes, I know. That is why I was smiling.


    Ah, okay :).

    Cheers,
    Nicholas Sherlock
    Nicholas Sherlock, Aug 14, 2003
    #19
  20. GraB

    Gavin Tunney Guest

    On Thu, 14 Aug 2003 21:45:47 +1200, R-Slicks <>
    wrote:

    >Most routers perform NAT which effectively 'hides' your internal
    >clients from the outside world unless you pinhole for specific
    >services. As this worm propagates through TCP port 135 (and others,
    >once it is in) then most people behind NATing devices are unlikely to
    >get it. You'd have to *really* have cocked up to have 135 open through
    >the router. All users we saw affected were on dialup. Not one of our
    >SLA customers got hit because a) they were already patched and b) they
    >are all [I think] behind firewalls of one form or another..
    >
    >As to your second point : I doubt you will ever find software that is
    >100% bug free out of the box. That's all this was, nothing more. This
    >vulnerability was heavily notified by both MS and most of the dozen or
    >so tech newsletters that I subscribe to so there was no real excuse
    >for missing it for those in the IT world.
    >


    You think so? Ok how about telling us all why port 135 was open in the
    first place.

    That, incidentally, is the most important issue from a technical
    perspective. It also happens to be the one MS keep evading.

    Gavin
    Gavin Tunney, Aug 15, 2003
    #20
