| Author | Message | Time |
|---|---|---|
| iago | http://www.microsoft.com/security/incident/sasser.asp To quote: [quote]Microsoft teams have confirmed that the Sasser worm (W32.Sasser.A and its variants) is currently circulating on the Internet.[/quote] Thank God these guys are getting paid a small fortune! [quote]If you have a hardware firewall in place for your home or workplace connection, or if you use the firewall included with Windows XP, the Sasser worm is most likely blocked.[/quote] Thank God they have confidence in their own software! <Edit: Spelling> Thanks for spelling suggestion from Trust: [quote][19:25:42] Trust: They have a lot of truts in their products, eh?[/quote] (the guy who can't spell his own name) | May 6, 2004, 12:27 AM |
| Null | [quote] If you have a hardware firewall in place for your home or workplace connection, or if you use the firewall included with Windows XP, the Sasser worm is most likely blocked.[/quote] This is completly un-true we have hardware and software firewalls here at work , and we were infected (quite seriously). We are still feeling the effects from it , as some systems are still infecrted (Extra high network traffic) | May 6, 2004, 12:30 AM |
| hismajesty | [quote]iago: omg iago: " if you use the firewall included with Windows XP, the Sasser worm is most likely blocked" iago: WTF? iago: "most likely"? me: lol me: They have a lot of truts in their products, eh? me: trust even iago: I'll say! iago: Trust can't spell trust. Ouch, the irony![/quote] | May 6, 2004, 12:32 AM |
| Skywing | [quote author=effect link=board=2;threadid=6674;start=0#msg58736 date=1083803436] [quote] If you have a hardware firewall in place for your home or workplace connection, or if you use the firewall included with Windows XP, the Sasser worm is most likely blocked.[/quote] This is completly un-true we have hardware and software firewalls here at work , and we were infected (quite seriously). We are still feeling the effects from it , as some systems are still infecrted (Extra high network traffic) [/quote]Obviously, if you configure the firewall to not block the necessary ports, it won't do you any good. Of course, it also won't do you any good if somebody brings an infected machine into the network behind the firewall... | May 6, 2004, 12:35 AM |
| Null | [quote author=Skywing link=board=2;threadid=6674;start=0#msg58738 date=1083803729] [quote author=effect link=board=2;threadid=6674;start=0#msg58736 date=1083803436] [quote] If you have a hardware firewall in place for your home or workplace connection, or if you use the firewall included with Windows XP, the Sasser worm is most likely blocked.[/quote] This is completly un-true we have hardware and software firewalls here at work , and we were infected (quite seriously). We are still feeling the effects from it , as some systems are still infecrted (Extra high network traffic) [/quote]Obviously, if you configure the firewall to not block the necessary ports, it won't do you any good. Of course, it also won't do you any good if somebody brings an infected machine into the network behind the firewall... [/quote] We have a stiff policy against this (however there is defiently no way to be 100% sure) , the moral of the story is dont listen to anything microsoft says. edit: And keep your system up to date ;) | May 6, 2004, 12:38 AM |
| Myndfyr | pshh. I have that Linksys router and we have experienced 0 infections. | May 6, 2004, 12:53 AM |
| LW-Falcon | I use Sygate Firewall and if it gets past that then I always got The Cleaner and McAfee Virus Scan. ;) | May 6, 2004, 12:54 AM |
| hismajesty | This should be in the Fun Forum | May 6, 2004, 12:57 AM |
| peofeoknight | I do not know much about sasser... just what i have seen in headlines really. Does it do a sort of port scan when it looks for ips? If that is the case then if you are behind a hardware firewall on your router and your ports are stealth you would be pretty safe. | May 6, 2004, 4:43 AM |
| hismajesty | It randomly generates an IP. | May 6, 2004, 11:08 AM |
| Grok | [quote author=effect link=board=2;threadid=6674;start=0#msg58739 date=1083803920] [quote author=Skywing link=board=2;threadid=6674;start=0#msg58738 date=1083803729] [quote author=effect link=board=2;threadid=6674;start=0#msg58736 date=1083803436] [quote] If you have a hardware firewall in place for your home or workplace connection, or if you use the firewall included with Windows XP, the Sasser worm is most likely blocked.[/quote] This is completly un-true we have hardware and software firewalls here at work , and we were infected (quite seriously). We are still feeling the effects from it , as some systems are still infecrted (Extra high network traffic) [/quote]Obviously, if you configure the firewall to not block the necessary ports, it won't do you any good. Of course, it also won't do you any good if somebody brings an infected machine into the network behind the firewall... [/quote] We have a stiff policy against this (however there is defiently no way to be 100% sure) , the moral of the story is dont listen to anything microsoft says. edit: And keep your system up to date ;) [/quote] Yes, there is a way. Learn how to use your DHCP server. If you only allocate LAN IPs to trusted machines, those you have built and know the MAC address of, no contractor or manager can hook a laptop up to your network and infect it. If you make their only connect method via terminal server or VPN, you are controlling your own LAN. Accept responsibility for your own LAN and own machines. | May 6, 2004, 11:29 AM |
| Mephisto | [quote author=effect link=board=2;threadid=6674;start=0#msg58739 date=1083803920] the moral of the story is dont listen to anything microsoft says. [/quote] Why do you insist on thinking that? I'm so sick of people who just randomly *hate* Microsoft and pretend that everything they say is BS and all of their products are, etc. | May 6, 2004, 2:24 PM |
| SNiFFeR | My entire school is infected with it. I'm cracking up in their faces because nobody listened to me when it happened. | May 6, 2004, 2:50 PM |
| Newby | [quote author=SNiFFeR link=board=2;threadid=6674;start=0#msg58792 date=1083855042] My entire school is infected with it. I'm cracking up in their faces because nobody listened to me when it happened. [/quote] My school has Mac's so I don't think you can infect those. :P! | May 6, 2004, 3:11 PM |
| iago | [quote author=Mephisto link=board=2;threadid=6674;start=0#msg58790 date=1083853479] [quote author=effect link=board=2;threadid=6674;start=0#msg58739 date=1083803920] the moral of the story is dont listen to anything microsoft says. [/quote] Why do you insist on thinking that? I'm so sick of people who just randomly *hate* Microsoft and pretend that everything they say is BS and all of their products are, etc. [/quote] Note my quotations - they aren't even sure what they're doing :P | May 6, 2004, 4:02 PM |
| hismajesty | My school is/was (I think it's mostly gone since they weren't shutting down today) infected with it as well. | May 6, 2004, 7:47 PM |
| Fr0z3N | I don't think I've ever been infected with anything :D Router + Firewall :P | May 6, 2004, 8:32 PM |
| Mephisto | I believe the Sasser worm only affects Windows 2000 and Windows XP variants. Anything above or before those versions of Windows aren't at risk of the Sasser worm, at least that's what I'm thinking. Because...I have no firewalls set up (yet) and I haven't been affected, and the support Websites for Sasser worm on Microsoft's Website doesn't have a tool for removing or detecting the Sasser worm on other versions besides Windows XP and 2000. | May 6, 2004, 10:19 PM |
| iago | It uses an exploit in LSASS, which is new to win2k+ I think. | May 6, 2004, 10:23 PM |
| hismajesty | [quote author=Mephisto link=board=2;threadid=6674;start=15#msg58832 date=1083881947] I believe the Sasser worm only affects Windows 2000 and Windows XP variants. Anything above or before those versions of Windows aren't at risk of the Sasser worm, at least that's what I'm thinking. Because...I have no firewalls set up (yet) and I haven't been affected, and the support Websites for Sasser worm on Microsoft's Website doesn't have a tool for removing or detecting the Sasser worm on other versions besides Windows XP and 2000. [/quote] There's a fix at microsofts website, iirc. If not, trendmicro.com has one. | May 6, 2004, 10:59 PM |
| Grok | While I cannot predict which Windows OS vulnerability will be found and exploited next month, I can predict with 100% certainty that it will come as a shock to everyone. Most people who were hit by Sasser will still not have a firewall to protect them, nor will they have patched their machines. On top of that, they'll still be surfing the web while logged on as the Administrator account. | May 7, 2004, 12:09 AM |
| Null | [quote author=Mephisto link=board=2;threadid=6674;start=0#msg58790 date=1083853479] [quote author=effect link=board=2;threadid=6674;start=0#msg58739 date=1083803920] the moral of the story is dont listen to anything microsoft says. [/quote] Why do you insist on thinking that? I'm so sick of people who just randomly *hate* Microsoft and pretend that everything they say is BS and all of their products are, etc. [/quote] Are your blind or do u live under a rock? , Microsoft *continually* make totally vulnerbale software and realease it too hastly to the market. The fact that they can afford to do this really gets to me and im sure alot of other people. So your statement about my distest for them being random is not correct , there are also many other reasons why i have bones to pick with Microsoft. | May 7, 2004, 12:55 AM |
| Myndfyr | [quote author=effect link=board=2;threadid=6674;start=15#msg58870 date=1083891358] [quote author=Mephisto link=board=2;threadid=6674;start=0#msg58790 date=1083853479] [quote author=effect link=board=2;threadid=6674;start=0#msg58739 date=1083803920] the moral of the story is dont listen to anything microsoft says. [/quote] Why do you insist on thinking that? I'm so sick of people who just randomly *hate* Microsoft and pretend that everything they say is BS and all of their products are, etc. [/quote] Are your blind or do u live under a rock? , Microsoft *continually* make totally vulnerbale software and realease it too hastly to the market. The fact that they can afford to do this really gets to me and im sure alot of other people. So your statement about my distest for them being random is not correct , there are also many other reasons why i have bones to pick with Microsoft. [/quote] Microsoft may *continually* make vulnerable software, and it may release it too hastily to the market, but the real fact of the matter is that, when you're developing software that is intended to run on 90% or more of the market, there is simply too much to be able to check everything. It's not a bad thing that Microsoft has to patch their software once a month. Who really cares? "Oh, it's SOOOO inconvenient that I have to update this software once a month. I'm getting carpal tunnel from going to Windows Update!" As Grok pointed out, if you're running in a secure environment, such a thing as the Sasser worm shouldn't get you. I'm behind a firewall, and it never came close. That's all it took. No internet connection firewall, not even a virus scanner (as of right now). Ooooohhh. The reason you don't hear about a mass virus attacking Linux is simply because there is no such thing as mass Linux. If there was an exploit on one of the major flavors of Linux (there are five, correct?), that might hit about 1% of all total mainstream (home) computer users that aren't behind a firewall. No major news outlets will cover the "massive outbreak of the Penguin Death worm!" nor will any hackers gain much fame from it. There might be a short little article on /., and that will be that. The publisher will fix it, and the world will be none the wiser -- giving the l33t c0d3r absoltely no reason to even bother with making it in the first place. To quote a famous person -- "you'll get over it." | May 7, 2004, 3:45 AM |
| Grok | [quote author=effect link=board=2;threadid=6674;start=15#msg58870 date=1083891358]Are your blind or do u live under a rock? , Microsoft *continually* make totally vulnerbale software and realease it too hastly to the market. The fact that they can afford to do this really gets to me and im sure alot of other people. So your statement about my distest for them being random is not correct , there are also many other reasons why i have bones to pick with Microsoft.[/quote] I am neither blind nor live under a rock. Not sure why you have a problem with blind people, but we won't address your anger against them, at least in this topic. What is "totally vulnerable" software? Does that mean every line of code is vulnerable? Or just every feature? Every product? Every web page? Either clarify or retract it, because I think you just proportionalized it for effect of argument. Release too hastily? Most of the world depends on Microsoft to innovate and release, so they can drive their businesses with these products. They demand that Microsoft release as soon as a product is anywhere near stability. It is business that drives the software market, determines which features are added. Microsoft listens to the money, follows the money, and implements features as fast as their 225,000 programmers possibly can do. Horrors, are there bugs in the millions of lines of code they write every year? OMG! They should be ashamed. But I'll tell you what... I write some of the best error-free code of any programmer (of those I know personally) and most Microsoft public-released code is better than mine. That Microsoft only has a few dozen patches a year is simply incredible. Microsoft has the best, longest-lasting, most accurate, most productive, most efficient, product delivery lifecycle in the history of software development. What are your other bones to pick? | May 7, 2004, 5:36 AM |
| AC_Drkan | Yeah i had sasler attack my computer Zonealarm is actually pretty cool. OH BTB One of my relatives (cough cough) Wroks in the IRS. It SHUT DOWN THE IRS no joke | May 7, 2004, 3:34 PM |
| Adron | [quote author=AC_Drkan link=board=2;threadid=6674;start=15#msg58928 date=1083944057] It SHUT DOWN THE IRS [/quote] Sasser is a friend of Grok's? | May 7, 2004, 4:47 PM |
| Myndfyr | [quote author=Adron link=board=2;threadid=6674;start=15#msg58934 date=1083948472] [quote author=AC_Drkan link=board=2;threadid=6674;start=15#msg58928 date=1083944057] It SHUT DOWN THE IRS [/quote] Sasser is a friend of Grok's? [/quote] LoL -- the first thought that crossed my mind when he said that he had a relative who works for the IRS was, "Oh no -- they're coming for Grok!" Then I thought, "Nevermind -- Grok is safe!" :P | May 7, 2004, 6:19 PM |
| Grok | [quote author=Myndfyre link=board=2;threadid=6674;start=15#msg58940 date=1083953977] [quote author=Adron link=board=2;threadid=6674;start=15#msg58934 date=1083948472] [quote author=AC_Drkan link=board=2;threadid=6674;start=15#msg58928 date=1083944057] It SHUT DOWN THE IRS [/quote] Sasser is a friend of Grok's? [/quote] LoL -- the first thought that crossed my mind when he said that he had a relative who works for the IRS was, "Oh no -- they're coming for Grok!" Then I thought, "Nevermind -- Grok is safe!" :P [/quote] Cute. But why would they "come for me"? I pay 100% of my taxes. | May 7, 2004, 6:22 PM |
| Skywing | [quote author=iago link=board=2;threadid=6674;start=15#msg58833 date=1083882208] It uses an exploit in LSASS, which is new to win2k+ I think. [/quote] Um. LSASS has been part of Windows NT since 3.1. | May 7, 2004, 6:59 PM |
| Thing | I like Sasser. So far I've made around $600.00 from it. :D | May 7, 2004, 7:22 PM |
| Myndfyr | [quote author=Grok link=board=2;threadid=6674;start=15#msg58941 date=1083954131] [quote author=Myndfyre link=board=2;threadid=6674;start=15#msg58940 date=1083953977] [quote author=Adron link=board=2;threadid=6674;start=15#msg58934 date=1083948472] [quote author=AC_Drkan link=board=2;threadid=6674;start=15#msg58928 date=1083944057] It SHUT DOWN THE IRS [/quote] Sasser is a friend of Grok's? [/quote] LoL -- the first thought that crossed my mind when he said that he had a relative who works for the IRS was, "Oh no -- they're coming for Grok!" Then I thought, "Nevermind -- Grok is safe!" :P [/quote] Cute. But why would they "come for me"? I pay 100% of my taxes. [/quote] Aren't you the anti-tax guy? Do you actually pay tax, or since your taxes *should* be 0, do you pay 100% of $0? | May 7, 2004, 7:36 PM |
| Grok | [quote author=Myndfyre link=board=2;threadid=6674;start=30#msg58950 date=1083958608]Aren't you the anti-tax guy? Do you actually pay tax, or since your taxes *should* be 0, do you pay 100% of $0?[/quote] Your insinuation insults me! I pay all my legally obligated taxes! If there's a law saying I owe it, and if I can find that law, I pay the tax in the manner prescribed by that law. Same goes with driving around town. If there's a law saying I must follow certain driving rules, and if I can find that law, I adhere to the driving rules in the manner prescribed by the law. Yes, that means I do not speed. An no, I am not anti-tax. I am pro-tax. Everyone should pay the taxes that they are legally obligated to pay. I am against people not knowing which taxes that they are obligated to pay. | May 7, 2004, 8:59 PM |
| SNiFFeR | http://www.microsoft.com/security/incident/sasser.asp [quote] Software Affected Windows XP, Windows XP Service Pack 1 (SP1) Windows 2000 SP2, Windows 2000 SP3, Windows 2000 SP4 Software Not Affected Windows XP 64-Bit Edition Version 2003 Windows Server™ 2003 Windows XP 64-Bit Edition SP1 Windows Millennium Edition Windows 98 Second Edition Windows 98 Windows NT® 4.0 SP6a [/quote] | May 7, 2004, 9:08 PM |
| Mephisto | Thought so... | May 7, 2004, 9:37 PM |