Comments on: Exploit out for Zotob-like Windows flaw

Computer code exploits a flaw in Windows similar to the hole that led to the Zotob worm two months ago.

[bytehead]

Already exploited?

I have either seen or heard of 4 machines, 1 Win2000, the rest WinXP that have suffered malicious attacks. The 2000 box was still able to boot, but the registry is so badly damaged that not much else can be done with it. The other three machines have registry errors so bad that they will not boot, regardless of what kind of boot, safe or normal, that is chosen.

The 2000 machine has GoBack running on it, and I discovered that it was rebooting constantly every 10 minutes when no one was at home to see what was going on. That machine was hit around 10/14. The machine also had a rootkit installed on it, which may be a factor as well. I was indeed reminded of Zotob when I tried to deal with it.

The XP machines have all shown the same problem. They were running just fine, then they managed to be reset, and then the registry was damaged. It just amazes me that I'm seeing this problem so often right now, I figured it had to be something new.

The last time I dealt with a new virus that was brand spanking new was the F---ing Butterflies virus from the early 90's. The biggest offender? A network administrator that got it to spread like fire among 4 different file servers (when she was really only supposed to have full access to one!)

Exploited Long Ago........

This is NOT the dawn of a new entry point, the browser is still
the open door to all those underlying Windows OS calls that are
getting used.

The fact that critical business data, and the millions of private
and corporate users info is at stake makes the Internet Explorer
and Windows OS interconnect all the more sinister and ripe for
the underworld to prey on.

As far as this current explot news, or the next one, or the last
15, dont you think that Microsoft has exploited its customers
long ago when it used this same IE OS integration to get rid of
the Netscape browser.

count your nickels, cause you will be needing them for the daily
parking meter fees you are gonna pay to maintain that PC

[rbannon]

So what should we do?

Windows, as we all know is pervasive, and is not going away. At
work, I have my Mac OS X box connected to a very large
Windows network, I run snort on occasion and I am shocked at
how much malicious activity occurs. When I try to tell IT they
just act like it's normal. My box is self-managed and I believe it's
secure, my IT decided to leave my box pretty much wide open (I
can log on from anywhere) and I wonder why sometimes. They
certainly wouldn't do that to one of their managed Windows
boxes, but my unmanaged (I'm a teacher) Mac OS X box is a
target waiting for a savvy attacker. In many ways I think my IT
staff is waiting (years now) for me to announce that my box has
been hacked.

Oh, I almost forgot, my IT staff can not, and will not, answer any
Mac questions. Fortunately, I have none.

Any thoughts?

Free iPods are here: http://ipods.freepay.com/?r=22990096

why patch your os?

Running a firewall eliminates the ability to exploit the majority of vulnerabilities for an operating system.