Unofficial empeg BBS

#175657 - 18/08/2003 11:32 Viral Hell
pgrzelak
carpal tunnel

Registered: 15/08/2000
Posts: 4859
Loc: New Jersey, USA
Greetings!

Is anyone else in viral hell at the moment? Pretty tame from NAI's perspective, but it is causing havoc in the office. (Not a small task, or small network.)
_________________________
Paul Grzelak
200GB with 48MB RAM, Illuminated Buttons and Digital Outputs

#175658 - 18/08/2003 12:02 Re: Viral Hell [Re: pgrzelak]
lectric
pooh-bah

Registered: 20/01/2002
Posts: 2085
Loc: New Orleans, LA
Wait, its payload is WHAT?! It tries to patch your machine to protect it from getting the same virus again?!?! That just seems bizarre.

#175659 - 18/08/2003 12:04 Re: Viral Hell [Re: pgrzelak]
RobotCaleb
pooh-bah

Registered: 15/01/2002
Posts: 1866
Loc: Austin
if it takes care of itself, what's the big deal?

#175660 - 18/08/2003 12:11 Re: Viral Hell [Re: RobotCaleb]
g_attrill
old hand

Registered: 14/04/2002
Posts: 1172
Loc: Hants, UK
if it takes care of itself, what's the big deal?

The side effects:

As for the W32/Lovsan.worm, some systems may be in a “crash loop” where each time the system is restarted, SVCHOST.EXE crashes and the user has 60 seconds before the system restarts. This action can continue to happen even after the virus is removed if the patch is not applied.

Basically, the exploit might fail, leaving the patch unapplied and the system screwed.

Gareth

#175661 - 18/08/2003 12:12 Re: Viral Hell [Re: g_attrill]
RobotCaleb
pooh-bah

Registered: 15/01/2002
Posts: 1866
Loc: Austin
yeah, that's a byproduct of installing windows. no big deal, we're all used to it
:P

#175662 - 18/08/2003 12:22 Re: Viral Hell [Re: RobotCaleb]
pgrzelak
carpal tunnel

Registered: 15/08/2000
Posts: 4859
Loc: New Jersey, USA
The results are far worse, as the machine starts spamming your intranet with malformed ICMP packets and tests on port 135... Trust me, it can slow things down immensely...
_________________________
Paul Grzelak
200GB with 48MB RAM, Illuminated Buttons and Digital Outputs

#175663 - 18/08/2003 12:28 Re: Viral Hell [Re: pgrzelak]
lectric
pooh-bah

Registered: 20/01/2002
Posts: 2085
Loc: New Orleans, LA
Don't get me wrong. I can surely see how it could be an issue, but what a bizarre payload. Not exactly deleting all your system files.

#175664 - 18/08/2003 13:10 Re: Viral Hell [Re: pgrzelak]
matthew_k
pooh-bah

Registered: 12/02/2002
Posts: 2298
Loc: Berkeley, California
From a part time university sys admin who got stuck dealing with blaster last week while everyone was away at training, I'm really wishing this had hit a few days earlier. I haven't actually seen any infections of the new one yet, but move in day is tomorrow so we're going to have a whole load of unpatched systems coming online.

Matthew

#175665 - 18/08/2003 15:18 Re: Viral Hell [Re: g_attrill]
RobotCaleb
pooh-bah

Registered: 15/01/2002
Posts: 1866
Loc: Austin
lol
read the first few paragraphs
http://radio.weblogs.com/0001011/

#175666 - 18/08/2003 16:28 Re: Viral Hell [Re: pgrzelak]
Laura
pooh-bah

Registered: 16/06/2000
Posts: 1682
Loc: Greenhills, Ohio
I'm so glad that I am still running Win98SE
_________________________
Laura

MKI #017/90

whatever

#175667 - 19/08/2003 00:43 Re: Viral Hell [Re: Laura]
Roger
carpal tunnel

Registered: 18/01/2000
Posts: 5683
Loc: London, UK
I'm so glad that I am still running Win98SE

I'm so glad that I installed the patch for that problem when it came out, rather than waiting until the worm happened.

I'm also glad that I'm behind a firewall, so most of this sh*t doesn't get to me anyway.
_________________________
-- roger

#175668 - 19/08/2003 04:17 Re: Viral Hell [Re: Roger]
pgrzelak
carpal tunnel

Registered: 15/08/2000
Posts: 4859
Loc: New Jersey, USA
<cough>

Trust me. We installed the patch. We are behind a firewall. Unfortunately, it only takes a few clueless individuals (and in a huge corporation, there are plenty) to get infected badly enough to bring down a rather large and complex network.

Just like driving in traffic - no matter how careful you are, it only takes one person to cause an accident that (at best) leaves you stranded for hours.
_________________________
Paul Grzelak
200GB with 48MB RAM, Illuminated Buttons and Digital Outputs

#175669 - 19/08/2003 05:11 Re: Viral Hell [Re: pgrzelak]
Phoenix42
veteran

Registered: 21/03/2002
Posts: 1424
Loc: MA but Irish born
Yup! And we've got plenty of them here.

#175670 - 19/08/2003 05:54 Re: Viral Hell [Re: pgrzelak]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12345
Loc: Sterling, VA
So true, Paul. We only have 17 people in our office, and half of them have no clue what that little globe is that keeps giving them little messages. We keep telling them and they keep forgetting. I think the problem is the inevitable restarting of their machines, which is just too much of an inconvenience.

My girlfriend's father got the MSblaster worm, and it gave me a reason to play high speed internet advocate for the rest of his family. I told him that I would have run Update on his machine already, but since he's never done it since he got his computer, he had about 45MB of stuff to download over dialup. It was a good argument for a cable modem.
_________________________
Matt

#175671 - 19/08/2003 06:22 Re: Viral Hell [Re: Dignan]
pgrzelak
carpal tunnel

Registered: 15/08/2000
Posts: 4859
Loc: New Jersey, USA
Broadband is a big help when dealing with the patches and autoupgrades! You might want to also consider Terminal Services, VNC or PC Anywhere if you have to do a lot of "remote management" of his machine...
_________________________
Paul Grzelak
200GB with 48MB RAM, Illuminated Buttons and Digital Outputs

#175672 - 19/08/2003 07:03 Re: Viral Hell [Re: Dignan]
Roger
carpal tunnel

Registered: 18/01/2000
Posts: 5683
Loc: London, UK
It was a good argument for a cable modem

I used a similar argument to persuade my girlfriend to get DSL.

Well, to be strictly accurate, she let me get DSL at her flat. I pay for it, but she uses it.

Now she just needs a computer that can keep up with it.
_________________________
-- roger

#175673 - 19/08/2003 07:16 Re: Viral Hell [Re: Roger]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12345
Loc: Sterling, VA
Now she just needs a computer that can keep up with it.
That was another method I used. Her father's PC was painfully slow, and I had the thought that if I could speed it up, he'd start getting used to high-speed computing, and grow intolerant of low-speed internet. Turns out Dell sold him a WinXP machine with 128MB of RAM (not sure why). I slapped 512 in there and now dialup is painfully slow in comparison.
_________________________
Matt

#175674 - 19/08/2003 07:31 Re: Viral Hell [Re: Roger]
cushman
veteran

Registered: 21/01/2002
Posts: 1380
Loc: Erie, CO
I've been pretty careful about being behind a firewall and not allowing access to ANY ports, but one thing bit me in the butt when this happened. I neglected to realize that when I VPN'd into my company's network, I am no longer behind my firewall. I'm within their firewall, but you get one guy who has his laptop at home on his cable modem, brings it into work the next day, BAM.

Sucks.
_________________________
Mark Cushman

#175675 - 19/08/2003 07:51 Re: Viral Hell [Re: Dignan]
tman
carpal tunnel

Registered: 24/12/2001
Posts: 5528
That's nothing. I know somebody who has a 2mbit cable connection that for some reason known only to him is connected to a 486DX33. He saw the adverts about how Blueyonder would make your internet a much better experience etc... and decided to get it. It's only got a 200MB hard disk as well to make it worse.

I really do wonder what he uses it for. It can't be for downloading huge files since he's only got a 200MB disk and he can't be playing online games.

#175676 - 19/08/2003 11:51 Re: Viral Hell [Re: tman]
JBjorgen
carpal tunnel

Registered: 19/01/2002
Posts: 3584
Loc: Columbus, OH
porn.
_________________________
~ John

#175677 - 19/08/2003 11:56 Re: Viral Hell [Re: JBjorgen]
tman
carpal tunnel

Registered: 24/12/2001
Posts: 5528
Hmm... 8bpp porn? Look at that dithering

#175678 - 19/08/2003 11:58 Re: Viral Hell [Re: tman]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
Nah. ASCII porn.
_________________________
Bitt Faulk

#175679 - 19/08/2003 12:01 Re: Viral Hell [Re: cushman]
genixia
Carpal Tunnel

Registered: 08/02/2002
Posts: 3411
Yeah, firewalls are completely ineffective at preventing the spread of email-based virii. Virus scanners, vigilance and avoiding M$ email clients appear to be the best prevention.
_________________________
Mk2a 60GB Blue. Serial 030102962 sig.mp3: File Format not Valid.

#175680 - 19/08/2003 12:04 Re: Viral Hell [Re: genixia]
genixia
Carpal Tunnel

Registered: 08/02/2002
Posts: 3411
Speaking of Virii, is anybody else getting hit by Sobig? It looks like all my friends got infected this morning.
_________________________
Mk2a 60GB Blue. Serial 030102962 sig.mp3: File Format not Valid.

#175681 - 19/08/2003 12:28 Re: Viral Hell [Re: genixia]
pca
old hand

Registered: 20/07/1999
Posts: 1102
Loc: UK
Yes, I've had a dozen copies in the last two or three hours. Who here has an address book with the following addresses in it:

tuners@rtr.ca
rvoisey@sonicblue.com
willrichpi@aol.com
pca@pcats.co.uk
info@avir.sk

It would seem to be someone connected with the empeg bbs or empeg itself. They all seem to have come from a machine running outlook express 6.00.2600.0000, and have the line "X-MailScanner: Found to be clean" in them, which is amusing.

pca
_________________________
Experience is what you get just after it would have helped...

#175682 - 19/08/2003 13:21 Re: Viral Hell [Re: Roger]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31604
Loc: Seattle, WA
Well, to be strictly accurate, she let me get DSL at her flat.
Isn't that going to be your (collective) flat pretty soon anyway?
_________________________
Tony Fabris

#175683 - 19/08/2003 13:23 Re: Viral Hell [Re: tfabris]
Roger
carpal tunnel

Registered: 18/01/2000
Posts: 5683
Loc: London, UK
Isn't that going to be your (collective) flat pretty soon anyway?

Yeah. So it's a good thing that the DSL is already there.
_________________________
-- roger

#175684 - 19/08/2003 18:19 Re: Viral Hell [Re: pca]
lectric
pooh-bah

Registered: 20/01/2002
Posts: 2085
Loc: New Orleans, LA
My inbox collected 24,000 virus warning messages from our company this afternoon. Starting at 11:27. Good thing our email virus scanner was up to the minute. I personally received 148 of the messages. Outnumbered my real email 10-1.

#175685 - 19/08/2003 20:03 Re: Viral Hell [Re: pca]
mlord
carpal tunnel

Registered: 29/08/2000
Posts: 14497
Loc: Canada
yeah, major avalanche of junkmail all of a sudden today -- like the power finally got back on to 100% in NYC or something.

There are only 16 people that have *ever* sent email to tuners@rtr.ca.. I wonder which of the 17 is flubbed?

Cheers

#175686 - 19/08/2003 21:14 Re: Viral Hell [Re: pgrzelak]
Daria
carpal tunnel

Registered: 24/01/2002
Posts: 3937
Loc: Providence, RI
Today was the day I finally updated sendmail to use MIMEdefang, updated MIMEdefang to add some useful SpamAssassin headers, updated sieve to filter on those headers, and installed a virus checker on my mail server. And I don't even have Windows, it was just annoying me.
