I know of several organizations in the Washington / NoVa / MD area that were
affected - the MD Motor Vehicle Administration was offline for quite some
time, for example.


Sadly - too many people, many who should know better, assumed that as long
as the "edge" was secured then all was good.  Unfortunately it only takes
one laptop (for ex) to break that theory :).


Luckily - this was/is a very sloppy worm:
        Noisy enough to easily trace down
        Poor propagation method
        Limited vectors of attack
        No destructive payload 
(don't get me wrong - having a backdoor is bad, but let's say it wiped data
from hard drives 8 hours after infecting them, or performed some other
non-random act of data destruction)
..      and, to top it all off, its attempted DoS was to the wrong URL and
was easily sidestepped, although some people caused local RST floods on
their network by attempting to mitigate it incorrectly :)



Thanks!
TJ
.. not all Windows admins are incompetent
.. and some are network admins as well :)

-----Original Message-----
From: Reimer, Fred [mailto:[EMAIL PROTECTED] 
Sent: Saturday, August 16, 2003 4:23 PM
To: [EMAIL PROTECTED]
Subject: RE: OT Microsoft worm [7:74045]

For reasons of confidentiality I won't and can't name any names, but I am
aware of several hospitals that were affected pretty seriously.  Everyone
here knows that Cisco Call Manager runs on Windows, so imagine what happens
to your entire phone infrastructure if you are running VoIP.  Network grinds
to a halt and admitting can't access the applications to admit people in the
ER.  Lab orders don't go through, so meds can't be dispersed based on the
results of tests.  Everything goes back to a paper fall-back scheme until
the Windows administrators patch the systems like they should have done
weeks ago.

So no, don't assume that even large organizations have a handle on things.
Especially hospitals which are notoriously on the low end as far as
adequately staffing, at the right levels, their IT staff.

One thing I sincerely hope is changed in our lexicon is calling Windows
administrators "network administrators."  It makes me physically ill,
because those folks don't "administer" the "network," if anything they
actually do can be classified as competent administration.  They should be
called what they are "systems administrators," or, if you want to be more
specific, "Windows administrators."  I personally think they deserve a
classification of their own.

All I can say is that the Windows systems that our group has to use and is
responsible for were patched long ago, and did not exhibit any issues.

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050



-----Original Message-----
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] 
Sent: Saturday, August 16, 2003 1:22 PM
To: [EMAIL PROTECTED]
Subject: OT Microsoft worm [7:74045]

Just wondering, is this new LOVSAN msblast worm as big as it seems to be?
I've been helping lots of Windows users clean up their machines. They all
had the worm. These are mostly home users. I can't believe they would use
broadband, "always-on" access and not have a firewall, but they didn't!

What are you all seeing? Is this a big one? I suppose enterprise networks
are much better protected (hopefully) than the home networks I've been
helping out with.

One has to wonder if the huge power outage could be related. I can imagine a
Windows computer somewhere in Ohio that played a surprisingly important role
in keeping the grid working and had been infected..... But I read a lot of
science fiction. :-)

By the way, the stupid worm is attacking the wrong Microsoft URL! So that
aspect of it isn't going to be as bad as once thought.

Comments?

Priscilla
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74105&t=74045