Re: Yet another Mass e-mail worm TM - Gibe-F/Swen-A - E-mail from Microsoft
From: Rev Turd Fredericks (turdfred_at_catholic.org)
Date: 09/20/03
- Next message: Rev Turd Fredericks: "Re: Yet another Mass e-mail worm TM - Gibe-F/Swen-A - E-mail from Microsoft"
- Previous message: Mimic: "Re: Yet another Mass e-mail worm TM - Gibe-F/Swen-A - E-mail from Microsoft"
- In reply to: Juha Laiho: "Re: Yet another Mass e-mail worm TM - Gibe-F/Swen-A - E-mail from Microsoft"
- Next in thread: Thor Kottelin: "Re: Yet another Mass e-mail worm TM - Gibe-F/Swen-A - E-mail from Microsoft"
- Reply: Thor Kottelin: "Re: Yet another Mass e-mail worm TM - Gibe-F/Swen-A - E-mail from Microsoft"
- Reply: Juha Laiho: "Re: Yet another Mass e-mail worm TM - Gibe-F/Swen-A - E-mail from Microsoft"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 20 Sep 2003 05:35:51 GMT
Juha Laiho wrote:
> Rev Turd Fredericks <turdfred@catholic.org> said:
>>>> My wife got the msblast virus merely by turning off her firewall
>>>> to play a game.
> ....
>>The firewall was disabled because it sometimes interferes with the
>>game, I have since fixed that and the game can be played with the
>>firewall on.
> ....
>>The only reason we found out was when she renabled her firewall, the
>>firewall warning window popped up and asked "msblast.exe requests a
>>connection to IP xxx.xxx.xxx.xxx". msblast takes advantage of an RPC
>>vulnerability.
>
> And fixes to close the RPC hole used by msblast were published by
> Microsoft some months before the msblast attack, if I recall
> correctly.
>
> If the machine in question is running NT 4.0 workstation, it might be
> that the fix is not available, as the OS is no longer supported by MS,
> in which case the firewall is the only remaining protection. But _if_
> the OS was something for which the fix was available, this infection
> was caused by user ignorance/neglicience.
Hey! I should take offence to that, but I won't. However, I guess you
could call it ignorance as I had not heard of the msblast worm until
shortly before the infection occured. I think the fix came in early-mid
july, but it didn't get a lot of fanfare, the machine got infected
around mid-August.
>
> It is unfortunate the Internet has turned this way, that everyone
> connecting to it must be acutely aware of security issues. And it is
> unfortunate the integrity of software available is what it is (for
> those starting to advocate open source software at this point, look
> at recent issues with sendmail, OpenSSH, some ftp daemons, etc;
> perhaps
> not as bad as Microsoft side, but not completely solid, either).
Yeah, the internet is a dangerous place.
- Next message: Rev Turd Fredericks: "Re: Yet another Mass e-mail worm TM - Gibe-F/Swen-A - E-mail from Microsoft"
- Previous message: Mimic: "Re: Yet another Mass e-mail worm TM - Gibe-F/Swen-A - E-mail from Microsoft"
- In reply to: Juha Laiho: "Re: Yet another Mass e-mail worm TM - Gibe-F/Swen-A - E-mail from Microsoft"
- Next in thread: Thor Kottelin: "Re: Yet another Mass e-mail worm TM - Gibe-F/Swen-A - E-mail from Microsoft"
- Reply: Thor Kottelin: "Re: Yet another Mass e-mail worm TM - Gibe-F/Swen-A - E-mail from Microsoft"
- Reply: Juha Laiho: "Re: Yet another Mass e-mail worm TM - Gibe-F/Swen-A - E-mail from Microsoft"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
