I know of several organizations in the Washington / NoVa / MD area that were affected - the MD Motor Vehicle Administration was offline for quite some time, for example.
Sadly - too many people, many who should know better, assumed that as long as the "edge" was secured then all was good. Unfortunately it only takes one laptop (for ex) to break that theory :).

Luckily - this was/is a very sloppy worm:
- Noisy enough to easily trace down
- Poor propagation method
- Limited vectors of attack
- No destructive payload (don't get me wrong - having a backdoor is bad, but let's say it wiped data from hard drives 8 hours after infecting them, or performed some other non-random act of data destruction)

.. and, to top it all off, its attempted DoS was to the wrong URL and was easily sidestepped, although some people caused local RST floods on their network by attempting to mitigate it incorrectly :)

Thanks!
TJ
.. not all Windows admins are incompetent .. and some are network admins as well :)

-----Original Message-----
From: Reimer, Fred [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 16, 2003 4:23 PM
To: [EMAIL PROTECTED]
Subject: RE: OT Microsoft worm [7:74045]

For reasons of confidentiality I won't and can't name any names, but I am aware of several hospitals that were affected pretty seriously. Everyone here knows that Cisco Call Manager runs on Windows, so imagine what happens to your entire phone infrastructure if you are running VoIP. Network grinds to a halt and admitting can't access the applications to admit people in the ER. Lab orders don't go through, so meds can't be dispersed based on the results of tests. Everything goes back to a paper fall-back scheme until the Windows administrators patch the systems like they should have done weeks ago.

So no, don't assume that even large organizations have a handle on things. Especially hospitals which are notoriously on the low end as far as adequately staffing, at the right levels, their IT staff.

One thing I sincerely hope is changed in our lexicon is calling Windows administrators "network administrators."
It makes me physically ill, because those folks don't "administer" the "network," if anything they actually do can be classified as competent administration. They should be called what they are "systems administrators," or, if you want to be more specific, "Windows administrators." I personally think they deserve a classification of their own.

All I can say is that the Windows systems that our group has to use and is responsible for were patched long ago, and did not exhibit any issues.

Fred Reimer - CCNA
Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050

NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer.

-----Original Message-----
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 16, 2003 1:22 PM
To: [EMAIL PROTECTED]
Subject: OT Microsoft worm [7:74045]

Just wondering, is this new LOVSAN msblast worm as big as it seems to be? I've been helping lots of Windows users clean up their machines. They all had the worm. These are mostly home users. I can't believe they would use broadband, "always-on" access and not have a firewall, but they didn't!

What are you all seeing? Is this a big one? I suppose enterprise networks are much better protected (hopefully) than the home networks I've been helping out with.

One has to wonder if the huge power outage could be related. I can imagine a Windows computer somewhere in Ohio that played a surprisingly important role in keeping the grid working and had been infected..... But I read a lot of science fiction.
:-)

By the way, the stupid worm is attacking the wrong Microsoft URL! So that aspect of it isn't going to be as bad as once thought.

Comments?

Priscilla

**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74105&t=74045