Re: Yet another Mass e-mail worm TM - Gibe-F/Swen-A - E-mail from Microsoft

From: Davorin Vlahovic (A-Burn_at_fly.srk.fer.hr)
Date: 09/20/03


Date: Sat, 20 Sep 2003 10:01:20 +0000 (UTC)

In article <bkgo5i$9o$1@ichaos.ichaos-int>, Juha Laiho wrote:
> And fixes to close the RPC hole used by msblast were published by
> Microsoft some months before the msblast attack, if I recall correctly.

But stuck somewhere under the carpet.
 
> If the machine in question is running NT 4.0 workstation, it might be
> that the fix is not available, as the OS is no longer supported by MS,
> in which case the firewall is the only remaining protection. But _if_
> the OS was something for which the fix was available, this infection
> was caused by user ignorance/negligence.

Of course.

> It is unfortunate the Internet has turned this way, that everyone
> connecting to it must be acutely aware of security issues. And it is
> unfortunate the integrity of software available is what it is

Really sad.

> (for
> those starting to advocate open source software at this point, look
> at recent issues with sendmail, OpenSSH, some ftp daemons, etc; perhaps
> not as bad as Microsoft side, but not completely solid, either).

sendmail, openssh and ftp daemon bugs were fixed in some 2 hrs. And were
minor bugs, easily fixed. And those bugs definitely can't cause this
much damage...

P.S.
How often do you have to patch windblows, and how often do you have to
patch some daemon under OpenSource O.S.-es?

And, BTW, if you've got a unix shell account on the mail machine, you can
use procmail to stop the gwens, swens, msblasts etc... there is also
spamassassin and others... n0 s3r141 c|24ck2 n33d3d! ;)

-- 
"The Justice Department has started investigations into the virus
monopoly by Microsoft."
