Zotob worm
  • Zotob worm

    http://seattletimes.nwsource.com/htm...webworm16.html

    http://www.nytimes.com/2005/08/17/te...rtner=homepage

    *points*
    *snicker snicker*

    This is why OS diversity is so important.
    Last edited by alienSkull; August 16, 2005, 20:31. Reason: Added 2nd link.
    Jim

    Nothing to do, except hold on to nothing!!!

  • #2
    Originally posted by alienSkull
    <snip>This is why OS diversity is so important.
    Yep. Years ago when "I LUV YOU" hit we lost all our JPGs, except for the ones on Apple servers. At the very least, you should not backup data from one OS to a server with the same OS.
    --BC,



    • #3
      This is the risk we run nowadays... What I found overly funny and worth snickering at was when that kid broke into the NASA intranet. Rather embarrassing, I'd say... Or even the research done on Pentagon network security which showed it to be a piece of Emmental cheese. Makes me think of The Net...
      42



      • #4
        Originally posted by alienSkull
        This is why OS diversity is so important.
        As soon as you come up with a foolproof plan for showing the technically-illiterate how to use something other than Windows, I'll agree with you. Meantime, it doesn't mean squat while the users are still dumb enough to click on attachments in email despite having no idea who they're from.



        • #5
          Skroo is more than correct on that; you see it every day in the office (if you work in IT); most of the time I get the reply of "I swear I didn't download anything" and lo and behold they did..they just don't understand that when you download an email attachment; it's downloading :(

          I have to go with skroo on this though..why change around OSes for saving data; when humans are the reason for the virus...you just can't stop it...:\
          A paranoid is someone who knows a little of what's going on.
          -
          William S. Burroughs



          • #6
            The articles in the links posted previously are a bit of an exaggeration, in my opinion. I've seen both the source, and watched it active in memory - as of now zotob.a and zotob.b (which is all they knew of during the time the article was written) can only touch Win2k boxes that are unpatched. They cannot touch XP, XP SP2, 2k3 server, or anything else of that sort. That is not to say that they cannot morph as it does have an updating feature quite like a few others we've seen. Symantec's report is in error, and has been confirmed with TrendMicro here. (At time of posting, they were aware of .c, and its new e-mail propagation setup)

            With .d ... Trendmicro states "Note that this propagation routine works only on Windows NT and 2000, because the Microsoft Windows Plug and Play vulnerability has inherent characteristics that prevent this worm from exploiting it on Windows XP and Server 2003." which is why it's just a bit worse than the previous variants.

            I feel it's overblown, and people are trying to over dramatize something that isn't all that threatening in comparison to something we've seen in the past, like Code Red or variants.

            Qu|rk-



            • #7
              Originally posted by skroo
              As soon as you come up with a foolproof plan for showing the technically-illiterate how to use something other than Windows, I'll agree with you. Meantime, it doesn't mean squat while the users are still dumb enough to click on attachments in email despite having no idea who they're from.
              This is why 99% of the attachments are blocked on my mail server and instead the end users get an e-mail explaining that the attachment was blocked and to contact their site admin to get the attachment. The site admin will then check and make sure that it's a safe attachment and forward it on. All files that could cause problems are removed by default and the sender then has to resend it using another extension and then it starts at step one above.

              Upper management didn't like that when I started and put in my BOFH rules but now they are happy when they see other companies having issues and we've yet to have one problem since I took over the security of our company.

              Sometimes the IT department just needs to step on a few toes and stand their ground to show what's best for the company.


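              The default-deny attachment policy audit describes above (strip everything not explicitly allowed, leave the recipient a notice to contact the site admin), as an added illustration in Python's standard `email` package. This is not code from the forum post or from any mail product; the allowlist, the notice wording and the sample message are assumptions constructed for the example.

```python
"""Default-deny attachment filter modelled on the policy above (added example,
not the forum post's or any product's code; allowlist and notice text assumed;
sample message constructed inline)."""
import email
import os
from email import policy
from email.message import EmailMessage, MIMEPart

ALLOWED_EXTENSIONS = {".txt", ".pdf", ".jpg", ".png"}  # assumed allowlist
NOTICE = ("Attachment '{name}' was blocked by mail policy. "
          "Contact your site admin to have it released.")


def is_allowed(filename):
    """Only the final extension counts, so 'report.pdf.exe' is '.exe'."""
    if not filename:
        return False  # unnamed attachments are blocked too
    ext = os.path.splitext(os.path.basename(filename))[1].lower()
    return ext in ALLOWED_EXTENSIONS


def _filter_parts(container, removed):
    """Recursively replace disallowed attachments with a text notice part."""
    kept = []
    for part in container.iter_parts():
        if part.is_multipart():
            _filter_parts(part, removed)  # descend into nested multiparts
        elif part.is_attachment() and not is_allowed(part.get_filename()):
            name = part.get_filename() or "(unnamed)"
            removed.append(name)
            part = MIMEPart()  # the blocked part is dropped entirely
            part.set_content(NOTICE.format(name=name))
        kept.append(part)
    container.set_payload(kept)


def filter_message(raw):
    """Parse raw bytes; return (filtered message, names of removed parts)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    removed = []
    if msg.is_multipart():
        _filter_parts(msg, removed)
    return msg, removed


def build_sample():
    """Constructed sample: one benign attachment and one double-extension one."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.net", "Report"
    m.set_content("See attached.")
    m.add_attachment(b"%PDF-1.4 ...", maintype="application",
                     subtype="pdf", filename="report.pdf")
    m.add_attachment(b"MZ...", maintype="application",
                     subtype="octet-stream", filename="report.pdf.exe")
    return m.as_bytes()
```

              Calling `filter_message(build_sample())` keeps `report.pdf`, drops `report.pdf.exe` and leaves the notice in its place; the original part would be quarantined for the site admin in a real deployment rather than discarded.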

              • #8
                Originally posted by audit
                Sometimes the IT department just needs to step on a few toes and stand their ground to show what's best for the company.
                While I agree with you, one part of my job makes me responsible for the security of approximately 60,000 (yes, sixty *thousand*) desktops. We do have email filtering in place, but also a massive management bureaucracy in terms of implementing a solution like this, as well as a staffing issue to address in that we'd need several full-time employees to handle only this issue. For the environment I'm working in, what would be your suggestion for how to implement it?



                • #9
                  When I ran SP2 at work I was surprised and incredibly annoyed that IE warns me when I click a link to download something, warns me when it's downloaded, warns me when I try to open it, then warns me it's got scripting in it. I KNOW! That's why I freakin' downloaded it!
                  </rant>

                  But I've slowly come to learn that users in the real world really need this stuff. And still they have problems. And since things like this have been happening for years, I can't see people wising up in the near future.
                  "There are those who do the work and those who take the credit. I try to be in the first group, there is less competition there." -- Gandhi



                  • #10
                    Originally posted by skroo
                    While I agree with you, one part of my job makes me responsible for the security of approximately 60,000 (yes, sixty *thousand*) desktops. We do have email filtering in place, but also a massive management bureaucracy in terms of implementing a solution like this, as well as a staffing issue to address in that we'd need several full-time employees to handle only this issue. For the environment I'm working in, what would be your suggestion for how to implement it?
                    Without knowing more about your environment and much more than I'm sure you're willing to go into here, I can't really say. We have 5 locations and over 100,000 systems on our network. I handle the wireless side and with that comes over 5k CISCO APs and also handle the main security of the company so believe me, I'm busy all the time with wireless issues on top of the daily security issues.

                    It took me awhile to get this working as the end users were bitching up a major storm. But our VP of Technology stepped up to bat for us and took the hit. Training the other site admins was a piece of cake because I'm lucky enough to work with people that actually know what the hell they are doing.

                    What kind of e-mail filtering are you using? If you don't want to talk about it in public, PM me and we can talk, I may be able to help come up with a solution.



                    • #11
                      Originally posted by audit
                      What kind of e-mail filtering are you using? If you don't want to talk about it in public, PM me and we can talk, I may be able to help come up with a solution.
                      I think you missed the point of what I was getting at somewhat.

                      Originally posted by skroo
                      We do have email filtering in place, but also a massive management bureaucracy in terms of implementing a solution like this, as well as a staffing issue to address in that we'd need several full-time employees to handle only this issue.
                      This is what's crucial: it's already in place, but to make it more effective we'd have to go through executive management - and that's not going to happen. Believe me, this isn't an implementation issue but rather one of bureaucracy.



                      • #12
                        One of the most idiotic things I ever heard was from my mom's work. She told me after a particular virus had been publicized and just so happened that one of her co-workers received it in their email, they decided to open it because they wanted to see what it would do.

                        Makes you wonder if some people do this kind of thing on work computers for that exact reason and then play innocent. A good way to get out of doing work for awhile maybe.



                        • #13
                          "Just when you think you have the idiots pegged....God created a better idiot."
                          (I heard that somewhere too)

                          Anyway. To me, it seems like the virus writers are kind of dumb. Here's my reasoning:

                          OSX is a Linux-based OS. Linux is a Unix-based OS. Windows is written in C, I believe.

                          If a person wanted to put out a virus that would actually do something instead of these nerdy ones, they should take that into consideration. Make one that will run on all three. Yes, it would take time but hell, at least it would be a work of art instead of stealing the same bogus code time after time. Besides...you are going to jail anyway if you make it....so why not do your best?
                          -Ridirich

                          "When you're called upon to do anything, and you're not ready to do it, then you've failed."

                          Commander W.H. Hamilton



                          • #14
                            Originally posted by Ridirich
                            OSX is a Linux-based OS. Linux is a Unix-based OS. Windows is written in C, I believe.
                            Actually, Mac OS X is more closely related to a BSD variation,
                            Linux can't really be UNIX (due to legal issues WRT name) but is a UNIX-like OS,
                            And different parts of different MS OS are coded in several different languages (one of which has been C in the past.)
                            (An OS includes its core/kernel, its support applications, tools, CLI commands, etc.)

                            Originally posted by Ridirich
                            If a person wanted to put out a virus that would actually do something instead of these nerdy ones, they should take that into consideration. Make one that will run on all three. Yes, it would take time but hell, at least it would be a work of art instead of stealing the same bogus code time after time. Besides...you are going to jail anyway if you make it....so why not do your best?
                            There has been multi-platform, multi architecture malware built before. Several have been built in such a way as to have two sections with specific partitioning of space between the parts based on the system of attack.
                            However, there was one [multi-platform, same architecture] a few years back that actually used shared instructions for both parts in attacking different systems.*

                            Some malware examples:
                            Sadmind (Solaris.Windows) (2001? 2002?)
                            W32.Peelf (Linux/Windows) (PoC:virus)
                            And Simile(virus)*

                            Search on keywords "Multiplatform worm"
                            Last edited by TheCotMan; September 18, 2005, 10:09. Reason: spelling



                            • #15
                              Originally posted by skroo
                              As soon as you come up with a foolproof plan for showing the technically-illiterate how to use something other than Windows, I'll agree with you. Meantime, it doesn't mean squat while the users are still dumb enough to click on attachments in email despite having no idea who they're from.
                              Which is exactly why Bill Gates will continue to have 30 billion to give to charity every few decades.
                              Did Everquest teach you that?
