New (More) Annoying Microsoft Worm Hits Net
Here are examples of the requests it's sending:
GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir
GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
While writing this story I was hit a total of 4 times, 16 GET attempts per attack. In only 4 minutes. Also of interest, my desktop has now been hit about 500 times today, all from 208.x.x.x IPs. This might be really bad. I still haven't read anything about this anywhere else, so you heard it here first ;)
Update: Web servers compromised by this worm apparently attach a "readme.eml" to all web pages served... and due to a bug in IE5, it will automatically execute the file! Yay Internet Explorer!
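The requests quoted in the story hide a dot-dot traversal behind nested percent-encoding (%%35%63, %255c) and a non-canonical two-byte sequence (%c1%1c), so a log filter that matches the literal string ../ or ..\ misses them. The following is an added example, not code from the story or its comments: it canonicalizes a request path before testing it. The function names, the simplified lenient-decoder model and the last two sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample input: the first three lines are the requests quoted in the story.
SAMPLE_REQUESTS = [
    "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir",
    "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir",
    "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir",
    "GET /index.html",                  # constructed benign line
    "GET /docs/100%25-coverage.html",   # constructed benign line with one encoded '%'
]

def fold_lenient_two_byte(raw: bytes) -> bytes:
    """Map a 0xC0/0xC1 lead byte plus the next byte to the ASCII byte a lenient decoder yields."""
    out, i = bytearray(), 0
    while i < len(raw):
        if raw[i] in (0xC0, 0xC1) and i + 1 < len(raw):
            out.append((raw[i] & 0x1F) << 6 | (raw[i + 1] & 0x3F))  # C1 1C -> 5C ('\')
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return bytes(out)

def canonicalize(path: str, max_rounds: int = 5) -> tuple[str, int]:
    """Decode repeatedly until stable; return (canonical path, number of rounds that changed it)."""
    raw, rounds = path.encode("utf-8"), 0
    for _ in range(max_rounds):
        decoded = fold_lenient_two_byte(unquote_to_bytes(raw))
        if decoded == raw:
            break
        raw, rounds = decoded, rounds + 1
    return raw.decode("latin-1").replace("\\", "/").lower(), rounds

def classify(request_line: str) -> list[str]:
    """Return the reasons a request line resembles the probes quoted in the story."""
    target = request_line.partition(" ")[2].split(" ")[0]
    path, rounds = canonicalize(target)
    reasons = []
    if rounds > 1:  # a second decoding pass still changed the path
        reasons.append("multi-layer-encoding")
    if re.search(r"(^|/)\.\.(/|$)", path.split("?")[0]):
        reasons.append("dot-dot-segment")
    if "cmd.exe" in path:
        reasons.append("shell-binary")
    return reasons

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(classify(line), line)
```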
Re:The old Code Red Patches don't work? (Score:3, Insightful)
Microsoft may be partly to blame, but it's not for being irresponsible in patching these issues; it's for allowing idiots who don't know how to properly administrate and who will never do security checks to easily run MS servers -- often without realising that the server exists.
'Fuck USA' is sadmind (Score:4, Insightful)
More at:
http://www.symantec.com/avcenter/venc/data/backdo
Re:how do I get rid of it? (Score:3, Insightful)
I work on a dual boot machine. I use Windows when I need it for a particular task and I use Linux when I need that for another particular task.
Thank you for demonstrating useless advocacy without being helpful whatsoever.
Re:Corporate ought to be securing the box better.. (Score:3, Insightful)
1) Linux/UNIX is not invulnerable, but it's been years since the Morris Worm. We're seeing a spate of this sort of stuff under NT- why? Is it because of sloppy admin work, lack of overall security in the design of Windows, or both?
2) If you can't apply security patches because it'll break your machine, then maybe there IS a problem with the OS.
Re:Time for a class action lawsuit against Microso (Score:3, Insightful)
Re:How to stop Internet Explorer executing said wa (Score:4, Insightful)
[message/rfc822]
So this thing is really evil:
1. it uses many forms of attack
2. it attacks server _and_ clients
3. it propagates by tftping the load from altering hosts (probably from the host which did the attack before)
4. it alters the content type for the client infection via http+IE
It's morons, not Microsoft that're responsible (Score:1, Insightful)
Were we hit by Code Red? Nope. Code Red II? Nope. This? Nope. ANY worm? Not a chance.
All these worms exploit SERIOUSLY OLD holes in IIS, of which patches have been released over 3-5 MONTHS ago. All of these patches are available via Windows Update, and show up with a "Critical Updates Notification" on the taskbar.
Anyone who runs ANY server but is 5 months behind on security updates is an absolute MORON, and deserves to be hit with a worm. It's easy to blame MS for all their "security holes", but folks...these have been patched for a while now...
-Jayde
you get what you pay for. (Score:3, Insightful)
a lot of the boxen that are being infected are doing so because they are running default installs with no patches. if you told me you were running a default redhat install i would laugh my ass off.
my main problem with windows is the security paradigm they use, and how they market ease of use. because of this a normal user can execute programs that infect system files. sort of like browsing the web as root. by marketing their product as "point and click"ish they attract the lowest common denominator in users.
it basically comes down to being an informed user. by the time you get to admining a unix box you are normally already a bit more informed, and you probably aren't making the decision because it's _easy_ to use.
Less Stress for Apache Logmasters (Score:2, Insightful)
<VirtualHost 24.222.rest.ofyourip>
ServerName 24.222.rest.ofyour.ip
ErrorLog
CustomLog
</VirtualHost>
Re:Alas, corporate IS still wants Windows (Score:2, Insightful)
My point exactly. Of course, total security is a fallacy, but using a system or a method that is demonstrably risky is plain dumb.
So yes, corporate IS departments keep installing Windows all over the place even in places where they could avoid it because "that's what the market is".
Imagine this discussion:
Of course, at the end the landlord shoots the architect, to the acclaim of the whole profession.
So why do we endure these IS "architects"?