Computers across the United States have been hit, including those at cable news station CNN, television network ABC and The New York Times. Tokyo-based antivirus company Trend Micro blames the havoc on various worms, including the Zotob worm that hit the Internet over the weekend and new variants of the Rbot worm.
Some security researchers claim the outbreak is tied to a "war" between rival virus writers. "We seem to have a botwar on our hands," Mikko Hypponen, chief research officer at Finnish software security firm F-Secure, said in a statement issued on Wednesday.
"There appear to be three different virus-writing gangs turning out new worms at an alarming rate, as if they were competing to build the biggest network of infected machines," he said.
All of the worms exploit a security hole in the plug-and-play feature in the Windows 2000 operating system. Microsoft offered a fix for the bug as part of its monthly patching cycle last week. The software maker deemed the issue "critical," its most serious rating.
Zotob prevention and cure
"It seems like every couple of minutes a new variant comes in. We cannot pinpoint the infections to one variant," Joe Hartmann, director of the antivirus research group at Trend Micro, said on Tuesday. "We are still gathering infection reports. It is coming globally."
Symptoms of infection include the repeated shutdown and rebooting of a computer, Trend Micro said.
Microsoft is investigating the reports of the worm outbreak, the company said in a statement. It lists "Worm_Rbot.CEQ," an Rbot variant, as the possible cause of the trouble.
The company also sought to downplay the threat and said Windows 2000-based PCs running the latest patch are protected. "Zotob has thus far had a low rate of infection. Zotob only targets Windows 2000. Customers running other versions such as Windows XP, or customers who have applied the MS05-039 update to Windows 2000 are not impacted by this attack," the company said in a statement issued Tuesday.
Inside job
The multiple worms are hitting individual organizations rather than computer users at large, said Johannes Ullrich, chief research officer at the SANS Institute, an Internet security training and research outfit.
"These worms are not having an impact on the Internet," Ullrich said on Tuesday. "They do have a substantial effect on organizations running Windows 2000 without last week's Microsoft patch installed."
The pain is being felt "on the inside," agreed David Cole, the director of product management at Symantec Security Response. The worms might slither onto the networks of companies with Windows 2000 systems from an infected laptop that has been used outside the corporate firewall, for example, he said.
"It gets inside an organization and then it bounces around and wreaks havoc," Cole said.
The New York Times has been hit by the virus, but the assault has not impacted the delivery of the news, said a spokeswoman for the publication.
"The Web site was not affected and newspaper production will not be affected," the representative said. The internal systems of the paper are "operational," the representative added, but she did not state what degree of impact the worm had had on its internal operations.
Walt Disney's ABC News and Time Warner's CNN confirmed in postings to their Web sites that their computers had been hit.
Which worm done it?
Experts have different opinions on the cause of the latest infections. The SANS Internet Storm Center, which tracks network threats, attributes Tuesday's trouble to Zotob, which keeps mutating and finding new victims. "As seen with prior TCP worms, it is reaching its peak around three days after the outbreak," SANS said on its Web site.
The security issue exploited by the worm also affects the newer Windows XP and Windows Server 2003, but only PCs running Windows 2000 are susceptible to a remote attack, Microsoft has said.
There are desktop and server versions of Windows 2000, which was released in 2000 for business users rather than consumers.




and computers to Dells within the last couple of days! What timing.
Again, CNN should be Embarrassed!
not some nebulous debate in a nerdy forum.
If only FOX News had broadcast the issue live. With their larger
and much smarter audience (I mean that seriously, CNN is a
joke) Microsoft would never sell another copy of their crummy,
broken down OS.
O' Glorious Day!
I guess you would see them as smarter if you're a right winger. CNN is right wing too.
Stop drooling and scratching your head, open up your eyes and learn about that which controls much of your life. Hopefully your raining ignorance does not destroy anything important in the mean time.
"ignorant masses" because the lowly cattle are not smart to
manage their computer systems.
You know, many of these poor folks that you have such disdain
for have jobs, families, you know, real lives. They don't have the
time to invest in PCs like lonely geeks do. Balding saps sitting
under a dim 40 watt bulb in your tattered underwear, playing
Doom all day long, and going through bags of Cheetos.
Did it ever occur to you that perhaps we should be feeling sorry
for you? Investing all your time and energy in a failed operating
system? Think different, Tron. Go outside and play. You're
looking awfully pale and the human race needs you.
Only an idiot would activate Automatic Updates, on a Windows machine, on a corporate network (unless the updates are being pulled from a company controlled, local Windows Update server [after an intense, possibly long, period of testing]).
Thanks for playing. Try again.
by the minute, reports about Windows with its high-tech
(insecure) bundling of Internet Explorer into the OS, and how it
has made everyone pay for Microsoft's greed. If they can't beat a
company like Netscape with good technology methods, then let's
screw our customers, since they don't know better anyway, and
mash the browser into the OS and let 'em fight for themselves. If
you keep buying into the next marketing ploy, or promise, of a
secure Microsoft system, you will keep fixing your PC jalopy,
while Bill Gates laughs all the way to the bank.
What can you do, you might ask? Perhaps buy a Mac, or build a
Linux PC, after all what is your time worth in life, if you can
avoid these constant (never ending) hassles with a troubled
Microsoft design that will keep milking you for life. With no end
in sight, get used to it, or get out of Windows. Now you know.
loss of data."
All of the worms exploit a security hole in the plug-and-play feature in the Windows 2000 operating system.
Microsoft needs to release a patch that turns on automatic updates permanently if it sees the computer hasn't been updated in over a month.
WRITING CRUMMY, SLOPPY, CODE.
That would solve everything.
Ooops. Just remembered. I have a firewall. Back to work.
Again, CNN should be Embarrassed!
" ...but Windows 2000 remains popular. The operating system
ran on ***48 percent*** of business PCs during the first quarter
of 2005, according to a recent study by AssetMetrix."
Also it was CNN, New York Times, and ABC network that are
mentioned in the article alone. How many more do you think
there are? Hint: There are still millions of W2k machines out
there, and these are typically not updated vigorously.
CNN was reporting LIVE giving quotes from Microsoft
representatives who claimed it was "low level". Do you think
these companies and others think it was "low level"?? MS means
its "low market share" so they can tell them to screw. Air time
costs hundreds of thousands, if not millions per minute of
broadcast time.
every night is beyond me. These "critical" situations are affecting
people's lives in dramatic ways... oh, wait...
Fortunately, it's mostly IT wonks and MS apologists that are staying
up late securing these OS dinosaurs. Serves 'em right.
Is there better hardware support than there was in these OS's than there used to be yet? Then they might be worth considering, but probably not since I still couldn't get half the apps I use to run on them.
nasty windoze thang.
Who knows????? ;-)
Have you ever read the book "Jennifer Government" by Max Berry? The book (it's fiction) touches on the extent of corporate espionage and it's quite cleverly written. Although, in the book, Nike kills a few people to increase the value of some shoes. While not DIRECTLY correlated (yet!), it has a similar feel to it.
than you are", are being hit by this worm hard.
I guess I should serve them some humble pie. Perhaps their IT
groups could bring cutlery and juice.
As to the myth that the virus and worm writers target Windows because everyone uses it....that's BS! Viruses and worms are all about reputation in that world...no one gets paid to write a worm. The first person to write a successful Linux, Unix, or Mac virus would be famous. It has nothing to do with market share. If there was only one Ferrari in NYC, do you think it wouldn't get stolen because of market share? Viruses and worms don't exist for Linux, Unix, and Macs because they are all based on operating systems that were designed from the beginning not to allow them.
"As to the myth that the virus and worm writers target Windows because everyone uses it....that's BS!"
"The first person to write a successful Linux, Unix, or Mac virus would be famous"...
"Viruses and worms don't exist for Linux, Unix, and Macs because they are all based on operating systems that were designed from the beginning not to allow them"...
Pardon me, but, using Peter's words, "that's BS!" - I mean, the myth that Linux, Unix, or Mac are inherently virus-free, and Windows is the sole vulnerable OS.
Here is just a couple of links for you - go and get some protection:
Virus protection for MAC OS:
http://www.symantec.com/nav/nav_mac/
... and for Linux:
http://www.centralcommand.com/linux_server.html
Deleting one file in safe mode fixes the problem.
The so-called patch does nothing to stop this worm, the only protection is to
1/turn off port 445 to stop it spreading to other computers,
2/delete the mousemb.exe file from system32
3/remove the two reg edits it makes (although these appear to be harmless, in fact they might even make your computer more secure)
4/Anti-virus software - it's the only thing that can prevent re-infection, as I said, the M$ patch does nothing. Patched machines are just as likely to be infected as those not patched.
What happened here is that some "expert" advised a CNN "reporter" to watch for suspicious activity, such as your PC rebooting - probably because this "expert" remembers a worm from about two years ago that did this.
This turned into the "worm reboots computers" - which spread like wildfire across cable news channels (pretty much the same thing as your average tabloid paper, but on TV - think Fox News, MSNBC, CNN - all do nothing except commentate on life, making up hysterical BS to make it appear more interesting).
just one, should be easy right?
otherwise don't spread your ignorance
"Name one 'innovation' in longhorn that doesn't already exist elsewhere"
http://news.com.com/5208-1016-0.html?forumID=1&threadID=8183&messageID=57023&start=83
...and I gave two, yet you are still spouting the same anti-Microsoft garbage. You are not here to learn, you are here to lecture.
The fact is I have Win2K and broadband and I have not got this virus. Seems as overrated to me as UNIX virus, which do exist and you know it.
The VERY FIRST worm. It was Unix based and spread from Unix system to Unix system causing a great deal of damage to the internet. In fact by percentages of internet systems infected, it was the most effective worm ever.
Don't make challenges based on your own ignorance.
capturing & dragging suspected terrorists from the caves, they
frequently find their MS Windows PC laptops & search for
terrorist activity on the hard drives? Coincidence? Huge amounts
of money & they use MS PC Windows laptops?
US DOJ had their chance & they agreed that Microsith is an illegal
monopoly, but refused to break the monopoly apart or control
their illegal activities worldwide. MS Monopoly money goes very
deep into the pockets of the U.S. Government in Washington
D.C.
U.S. Gov't has suggested that MS should be considered for a
national ID card for all citizens & immigrants of the USA, as part
of their homeland security defense. Citizen Gates with the Dept.
of Homeland Security would "manage" all important data of all
citizens.
U.S. Gov't has recently suggested that MS Internet Explorer be
the ONLY Internet Browser of the Government. MS-OS control
battleships & aircraft carrier computers.
But noooooooooo, the terrorist wouldn't think of taking
advantage of the structural weaknesses of the US-MS software
that is on the government's computers, the US military
computers, the US airports computers, the banking +
investment computers & the majority of the US citizens
computers. Why would they want to do that...?
WAKE UP PEOPLE!
These worldwide cyber attacks are not just some smart punk
kids having a laugh. These attacks are affecting millions of
businesses & costing them BILLIONS of dollars. These "phishing"
scams through IE Outlook are ripping off money from innocent
people & growing identity theft is a major problem.
Don't make it easy for criminals / terrorists by using faulty
software full of security holes that Citizen Gates can't plug fast
enough.
Really. Thanks.
Every Win2K PC we have has been infected, it wasn't until after we removed a certain file that even the anti-virus software would delete or quarantine any of the subsequent attacks.
Our WinXP and Server 2003 boxes have been completely unaffected by any of the worms - mostly because we have patch management software that can patch hundreds of networked computers instantly - without any kind of manual installation.
If we'd had to rely on automatic updates we'd have been screwed - because in a business environment you don't give normal users admin rights, therefore automatic updates won't work until an administrator logs on.
I don't know how any medium or large sized business can cope with keeping on top of patches without software that can remotely patch at least a 100 workstations at a time.
We don't even have to do a manual install of the patch management software (which the crap patch management packages force you to do on every workstation). All we have to do is scan for a new PC on any domain then apply the patches and remotely reboot it.
UpdateExpert has prevented every worm except w32.esbot from causing us any problems, and that only failed because there isn't a patch out there that prevents it from installing on Win2K PCs.
- Microsoft WGA = terrorist threat
- by W2Kuser August 17, 2005 2:22 PM PDT
- The real story here is that Microsoft's new WGA policy of BLOCKING critical security updates of computers that are not verified as "genuine windows".
- From the MSFT website
- by August 18, 2005 9:54 AM PDT
- Q:Do security updates require validation?
By intentionally blocking these critical security updates, Microsoft is now openly supporting not only annoying hackers, but also the more serious cyber-terrorism threats.
Forget Iran or Korea, Microsoft now poses a more serious, immediate threat to this country's security...
A: Security updates are not part of WGA. Security updates can be installed using the Windows XP Automatic Updates feature, or downloaded from the Download Center.
http://www.microsoft.com/genuine/downloads/FAQ.aspx?displaylang=en
Do your homework before you make ASSumptions and flame
MSFT has said all along that using the WGA is NOT a requirement to receive security updates, for the very reason you mention above. They would rather patch pirated versions than have them become infected.