They're heeeeee-eeeeeeere!
Aug. 12th, 2003 10:10 pm
Wormity worm.
The LoveSAN/MSBlaster worm is actually rather a dull one. One vector, and pretty trundled together.
( There's a lot of technical info about the RPC/DCOM worm. )
Just about on schedule, if you consider that the folks I work with said, "Get all servers patched by the 3rd, and all laptops by or around the 6th, and the desktops by the 11th."
Everyone saw this coming.
Still, it is spreading fairly far. Indeed, the news reports are not based on the real number of infections out there (would your employer run to CNN and yell, "Yeah, we wurz warned, but we dinna listen, and now we hozered!"? Didn't think so).
In reality, I've heard from large financial and insurance companies with just a couple dozen hozed laptops or remote user systems, while also hearing from a large manufacturing company of hundreds (and going rapidly up) of affected hosts. One company said it was just not a big deal; after all they "only" had 400 or so affected hosts.
One division of one company I know seemed to become suddenly, wildly infected (the network guru noticed when his virus protection software told him it had blocked the worm exe from running -- meaning he was vulnerable, and that close to being hozed). They started talking about cutting their corporate WAN connection to prevent infecting the rest of the company. Then they sheepishly admitted their patching might be a little behind... despite THREE WEEKS of warning... and two weeks of the corporate core performing upgrades on *20,000* hosts.
"Well it would have been disruptive to business." Yeah. Corporate core's 20,000 host upgrade was totally painless, you betcha!
Anyhow, they're living with their risk assessment results now.