MLUG: Re: [MLUG] SANS on the W32/Blaster worm

I heard that everyone that tried to update
their Windows with the Windows Update server are infected
with the MSBlast worm, that includes the patches given to
MS Subscribers.

From what I heard they are safe now, or so they say.

I find this event so funny even though it is not funny
to some or most people. Microsoft screwed themselves over,
by sending their subscribed customers a virus.

On Thu, 14 Aug 2003, Mike Miller wrote:

> FYI...
>
>                  -- Security Alert Consensus --
>                        Number 032 (03.32)
>                   Thursday, August 14, 2003
>                        Created for you by
>             Network Computing and the SANS Institute
>                       Powered by Neohapsis
>
> ----------------------------------------------------------------------
>
> About the W32/Blaster worm: Yeah, it was painful, but it could have been
> worse. That is, unless you allow arbitrary TFTP traffic to pass through
> your network and gateways.
>
> Come on folks, this is not a well-written worm. Its method of scanning
> for new hosts is slow and not as effective as it could be. It requires
> not only port 135 access but also port 69 (TFTP) access. Just imagine
> if the worm pulled everything in over the established connection (rather
> than using TFTP) and it was more efficient at scanning. If you think
> the current incarnation was a nightmare....
>
> One common situation popped up often enough that we feel it important
> to comment. Many folks locked down their gateways and checked their
> perimeter servers for vulnerability. Satisfied that nothing could come
> in from the Internet, they were humbled when an internal employee
> brought in an infected laptop from home. Sure, the servers were OK, but
> the desktops proved to be a fertile worm incubation playground.
>
> Moral to the story: Security doesn't stop at the perimeter. From the
> mightiest of servers to the lowliest of desktops, and all print servers
> in-between, everything needs to be patched when dealing with a
> nondiscriminatory worm.
>
> CERT writeup of the W32/Blaster worm:
> http://archives.neohapsis.com/archives/cert/2003-q3/0008.html
>
> Until next week,
> --Security Alert Consensus Team
> _______________________________________________
> members mailing list
> EMAIL:PROTECTED
> http://mlug.missouri.edu/mailman/listinfo/members
>