WFFC 1 #26 August 20, 2003
Quote: p.s. They ALL came from the same ip address.
Hmmmm...Lemme guess - 63.252.228.74?

Squeak 17 #27 August 20, 2003
I've got 13 of them so far, is there a clean for it yet? I'm using PC Cillian
You are not now, nor will you ever be, good enough to not die in this sport (Sparky) My Life ROCKS! How's yours doing?

VisionAir 0 #28 August 20, 2003
Quote:
  Quote: p.s. They ALL came from the same ip address.
  Hmmmm...Lemme guess - 63.252.228.74?
Yup and has the name SEARGENT before it.....EVERYONE of them
Huh?!? What cloud?!? Oh that!!! That's just Industrial Haze Alex M.

wildblue 7 #29 August 20, 2003
I came in this morning to over 1,000 firewall alarms (machines hitting port 135 - Blaster virus)
And some dip shit who knew someone here got infected with the Sobig.F - you know how it puts a random address in the "from"? Yeah, put one of my user's address. So, they've gotten the virus a few hundred times (I think every time it infects another computer, it responds with itself too - so I get to see who all is infected now!) as well as all the 'undeliverable' messages and the 'hey you sent me a virus!' messages... at least nothing is infected here.
BTW - Cornell.edu and unl.edu seem to have gotten hit pretty hard
it's like incest - you're substituting convenience for quality

RevJim 0 #30 August 20, 2003
Quote:
  Quote: p.s. They ALL came from the same ip address.
  Hmmmm...Lemme guess - 63.252.228.74?
Yep. Just counted another 102 this morning.
p.s. I can't get a definitive end for the trace, but it does show Austin TX as the source.
"Hey y'all, watch this! Click! Cool! Look at that virus take off!"
It's your life, live it! Karma RB#684 "Corcho", ASK#60, Muff#3520, NCB#398, NHDZ#4, C-33989, DG#1

lazyfrog 0 #31 August 20, 2003
received tons of messages with .pif attachments.. thank you your details your application were the titles...
---------- Fumer tue, péter pue ------------- ourson #10, Mosquito Uno, CBT 579

diverdriver 5 #32 August 20, 2003
Quote: received tons of messages with .pif attachments.. thank you your details your application were the titles...
Yep, me too. Man, getting a lot of them now.

WFFC 1 #33 August 20, 2003
Quote: p.s. I can't get a definitive end for the trace, but it does show Austin TX as the source.
I'll one up ya. I'm calling the ISP responsible. Unfortunately, I know someone there.
Edit to add: They're looking for the culprit now and will pull their plug when they find it.

jumpwally 0 #34 August 20, 2003
Ok Ok...but how do we get it off our computers now? i have xp and i am not a computer expert,,,it says rpc and shuts down the computer when im logged on,,ill send a jump ticket to the first one that can help me....thanx wally
smile, be nice, enjoy life FB # - 1083

Stacy 0 #35 August 20, 2003
my email has ended up as a masked "from" for some circulating virus. I'm getting all the undeliverable return messages, etc etc, and norton is going crazy with all the viruses that are coming back with messages. very very annoying.

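The pattern reported in the posts above (many different "From" addresses, .pif attachments, one connecting IP) can be checked mechanically on a mail server. This is an added example, not part of the original thread; the sample messages, host names and addresses are constructed, and it assumes the topmost Received header is the one written by your own receiving server.

```python
import email
import re
from collections import defaultdict
from email import policy
from email.message import EmailMessage

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def make_sample(sender, relay_ip, subject, filename):
    """Build one constructed message; every value here is invented test data."""
    msg = EmailMessage()
    msg["Received"] = (f"from host-a ([{relay_ip}]) by mx.example.net; "
                       "Wed, 20 Aug 2003 09:00:00 -0500")
    msg["From"], msg["To"], msg["Subject"] = sender, "user@example.net", subject
    msg.set_content("See the attached file for details")
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_string()

SAMPLES = [  # constructed: three forged senders behind one IP, one unrelated mail
    make_sample("alice@example.org", "192.0.2.10", "Thank you!", "thank_you.pif"),
    make_sample("bob@example.com", "192.0.2.10", "Your details", "details.pif"),
    make_sample("carol@example.edu", "192.0.2.10", "Your application", "app.PIF"),
    make_sample("dave@example.org", "198.51.100.7", "Meeting notes", "notes.txt"),
]

def connecting_ip(msg):
    """IP in the topmost Received header; lower ones can be forged by the sender."""
    received = msg.get_all("Received", [])
    match = IP_IN_BRACKETS.search(str(received[0])) if received else None
    return match.group(1) if match else None

def has_pif(msg):
    """True if any MIME part carries a filename ending in .pif (case-insensitive)."""
    return any((part.get_filename() or "").lower().endswith(".pif")
               for part in msg.walk())

def triage(raw_messages):
    """Group messages by connecting IP, ignoring the forgeable From header."""
    report = defaultdict(lambda: {"messages": 0, "from": set(), "pif": 0})
    for raw in raw_messages:
        msg = email.message_from_string(raw, policy=policy.default)
        entry = report[connecting_ip(msg)]
        entry["messages"] += 1
        entry["from"].add(str(msg["From"]))
        entry["pif"] += has_pif(msg)
    return dict(report)

def likely_infected_hosts(report):
    """IPs that delivered .pif attachments under more than one From address."""
    return sorted(ip for ip, e in report.items()
                  if ip and e["pif"] and len(e["from"]) > 1)
```

The IP list it returns is what you would hand to the responsible ISP; the "From" addresses it collects belong to bystanders and should not be treated as senders.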
WFFC 1 #36 August 20, 2003
Quote: Ok Ok...but how do we get it off our computers now?
If you don't open the emails, you're fine. Just delete them and make sure your virus scanner is up to date.

jumpwally 0 #37 August 20, 2003
No,,its too late,,i have the virus what do i do now.....wally
smile, be nice, enjoy life FB # - 1083

PhillyKev 0 #38 August 20, 2003
Quote: No,,its too late,,i have the virus what do i do now.....wally
First of all, get a virus scanner and update it, then run a full scan. Then look here.
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100561

sburkart 0 #39 August 20, 2003
Quote: First of all, get a virus scanner and update it, then run a full scan.
I can see how these things infect networks, but do you guys honestly believe everyone should be running anti-virus software? IMHO on an isolated home-machine all one has to do is NOT open e-mail attachments and keep the OS updated.
I'm not looking for someone to cause me problems here, but I've never run any virus-scanner and I've never gotten a virus, though I have read of tons of people who use such software whose machines have gotten infected anyway. I don't get it.

WFFC 1 #40 August 20, 2003
Quote: I can see how these things infect networks, but do you guys honestly believe everyone should be running anti-virus software?
[resists urge to beat people]The key to the whole issue is also being diligent about what emails you open and keeping your virus scanner up to date[/urge gone]
I've got one machine that does not have a virus scanner on it, but it's isolated from the network in the house and not on the web. In its case, I don't believe a virus scanner is necessary.
edit to add: Avast Virus Scanner - It's priced for the skydiver budget!

hookitt 1 #41 August 20, 2003
Quote: IMHO on an isolated home-machine all one has to do is NOT open e-mail attachments and keep the OS updated.
Not so. You can try and keep updated. msblast and welchia will infect your system in about 4 1/2 seconds just by connecting to the internet without a firewall.
My grammar sometimes resembles that of magnetic refrigerator poetry... Ghetto

VisionAir 0 #42 August 20, 2003
Quote: it says rpc and shuts down the computer when im logged on
This sounds like the Lovsan worm that enters thru the open port 135, and not the SoBig virus that is email based.
http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=lovsan
http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=sobig
Yay...I finally figured out clickies
What I want to know now is... the hits on my firewall blocked port 135 have finally slowed down but now I'm getting "pinged" numerous times an hour. Any insight on this?
Huh?!? What cloud?!? Oh that!!! That's just Industrial Haze Alex M.

Katzeye 0 #43 August 20, 2003
I'm living that hell right now. It's probably the Nachi worm, after it removes blaster and patches your systems, it uses the victim computer to send ICMP pings out to find other computers to replicate to and do the same thing. Can you say "network storm?"
LA* Is a chicken omelette redundant?

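The shift described in the two posts above, from blocked TCP port 135 hits to repeated pings, shows up clearly when dropped-packet logs are bucketed by hour and by type. This is an added example, not part of the original thread; the log layout and every address in it are constructed for illustration and do not match any particular firewall product.

```python
import re
from collections import Counter, defaultdict

# Assumed log layout (constructed for this example):
#   <ISO timestamp> DROP <PROTO> <src> -> <dst>[:<port>] [type=<icmp type>]
LINE = re.compile(
    r"^(?P<hour>\d{4}-\d{2}-\d{2}T\d{2}):\d{2}:\d{2} DROP (?P<proto>TCP|UDP|ICMP) "
    r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+)(?::(?P<port>\d+))?(?: type=(?P<type>\d+))?$"
)

SAMPLE_LOG = """\
2003-08-20T08:01:10 DROP TCP 198.51.100.23 -> 192.0.2.5:135
2003-08-20T08:01:12 DROP TCP 198.51.100.23 -> 192.0.2.5:135
2003-08-20T08:14:40 DROP TCP 203.0.113.9 -> 192.0.2.5:135
2003-08-20T08:50:03 DROP ICMP 203.0.113.77 -> 192.0.2.5 type=8
2003-08-20T09:02:31 DROP TCP 198.51.100.23 -> 192.0.2.5:135
2003-08-20T09:05:00 DROP ICMP 203.0.113.77 -> 192.0.2.5 type=8
2003-08-20T09:05:02 DROP ICMP 203.0.113.80 -> 192.0.2.5 type=8
2003-08-20T09:41:17 DROP ICMP 203.0.113.9 -> 192.0.2.5 type=8
2003-08-20T09:45:00 DROP TCP 198.51.100.50 -> 192.0.2.5:445
this line is garbled on purpose
""".splitlines()

def classify(line):
    """Return (hour, source, kind) for a log line, or None if it does not parse."""
    m = LINE.match(line.strip())
    if not m:
        return None
    if m["proto"] == "TCP" and m["port"] == "135":
        kind = "tcp135"        # RPC port probed by Blaster/Lovsan, per the thread
    elif m["proto"] == "ICMP" and m["type"] == "8":
        kind = "icmp_echo"     # echo request, the "ping" described in the thread
    else:
        kind = "other"
    return m["hour"], m["src"], kind

def hourly_profile(lines):
    """Count drops per hour and kind, and collect the distinct sources per kind."""
    hits, sources = defaultdict(Counter), defaultdict(set)
    for line in lines:
        parsed = classify(line)
        if parsed is None:
            continue           # skip unparseable lines rather than guessing
        hour, src, kind = parsed
        hits[hour][kind] += 1
        sources[kind].add(src)
    return ({h: dict(c) for h, c in hits.items()},
            {k: sorted(v) for k, v in sources.items()})
```

On the constructed sample the 08:00 bucket is dominated by port 135 drops and the 09:00 bucket by echo requests, with more distinct sources pinging than probing.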
VisionAir 0 #44 August 20, 2003
Somewhere I read about a ghetto fix for the SoBig email virus..... Supposedly it is programmed to stop spreading on Sept 10 or 20 (not sure) and if you simply change your system calendar to beyond that date it fools the virus. It's seemed to work for me so far, as I haven't received an email in about an hour now.
Huh?!? What cloud?!? Oh that!!! That's just Industrial Haze Alex M.

sburkart 0 #45 August 20, 2003
Quote: The key to the whole issue is also being diligent about what emails you open and keeping your virus scanner up to date.
Read again. No scanner, no update, no virus. Let me add that I also run AdAware once a week.
Quote: I've got one machine that does not have a virus scanner on it, but it's isolated from the network in the house and not on the web. In its case, I don't believe a virus scanner is necessary.
And this machine is online whenever
* Windows Update (auto)
* Seti@home or
* Folding@home
have needed it to be, 24/7 since XP was released, and 24/7 from when '98 SE was released. On top of that, I only this week enabled the XP firewall, and have always run the "dreaded" Outlook for mail. Nobody has ever gotten a virus mailed to them from my address book.
I agree that the key is being diligent in opening attachments to e-mail, and disagree wholeheartedly with buying into anti-virus schemes, especially those that have to be periodically updated and upgraded.
It comes down to this: be smart and buy into any anti-virus scheme you can afford (and update it diligently), or be intelligent and don't open un-confirmed e-mail attachments. Pretty simple, no?
Now, if I wanted to get really paranoid I could Telnet into my account and use ELM or PINE and delete anything that looked suspicious before even running Outlook, but why bother? The next virus this system gets will be its first, whereas I've seen the opposite of those using anti-virus schemes. What happened to them? Immaculate infection?

WFFC 1 #46 August 21, 2003
Quote:
  Quote: Hmmmm...Lemme guess - 63.252.228.74?
  Yep. Just counted another 102 this morning.
Rev- You're not gonna believe who is at the other end of that I.P.
Tracked it down to Illicom, the ISP that provides internet access to the WFFC in August. Contacted them to advise that it was coming from one of their IPs and they passed it on to one of their techs to research. Was still getting them this afternoon so I called again. Got a phone call back about 15 minutes later for the Village of Rantoul I.T. manager who was dumbfounded that it was on one of his machines. Can you say oops!
The Village of Rantoul apologizes for any inconvenience for any emails you may have received from the I.P. address listed above.

PhillyKev 0 #47 August 21, 2003
Quote: and disagree wholeheartedly with buying into anti-virus schemes, especially those that have to be periodically updated and upgraded.
Using a computer to communicate with other computers in any way (online or sending email) without virus protection is socially irresponsible. It's like walking around sneezing on people. Sure you take all your vitamins, wash your hands 20 times a day so you'll never get sick and infect someone with your sneezes.
The biggest reason viruses are able to propagate the way they do is because people don't use virus protection. Our network gets bombarded with viruses constantly, we haven't been infected since I've been there. There's one single reason we haven't. Virus protection.
Quote: It comes down to this: be smart and buy into any anti-virus scheme you can afford (and update it diligently), or be intelligent and don't open un-confirmed e-mail attachments.
That used to work. But now you can get a virus without doing anything. It can be sent to a vulnerable open port on your system any time you connect to the internet. You can also get them just by viewing web pages or opening an email (not the attachment, just the email).

RevJim 0 #48 August 21, 2003
Quote:
  Quote:
    Quote: Hmmmm...Lemme guess - 63.252.228.74?
    Yep. Just counted another 102 this morning.
  Rev- You're not gonna believe who is at the other end of that I.P.
  Tracked it down to Illicom, the ISP that provides internet access to the WFFC in August. Contacted them to advise that it was coming from one of their IPs and they passed it on to one of their techs to research. Was still getting them this afternoon so I called again. Got a phone call back about 15 minutes later for the Village of Rantoul I.T. manager who was dumbfounded that it was on one of his machines. Can you say oops!
  The Village of Rantoul apologizes for any inconvenience for any emails you may have received from the I.P. address listed above.
@ "IT Manager" Some people should lean on a shovel more, and turn over the important stuff to the true geeks.
It's your life, live it! Karma RB#684 "Corcho", ASK#60, Muff#3520, NCB#398, NHDZ#4, C-33989, DG#1

juanesky 0 #49 August 21, 2003
Quote: Good morning/afternoon/nite/whatever.... Latest virus out : http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html#recommendations enjoy
this is just an e-mail we got from our IT dept

If you are wondering why the recent splurge in email spam, read the article below. If it's too much to read, just realize other users are experiencing the same issues.

Sobig virus called fastest-spreading
Onslaught of junk e-mail expanding
By Bloomberg News, 8/21/2003

The Sobig computer worm, the fastest-spreading e-mail virus ever, infected more computer systems yesterday, including the states of New Jersey and Pennsylvania.

Computer security experts have been working since Monday to eradicate Sobig before it sends more junk e-mails, clogging home and business computers, said Steven Sundermeier, a vice president with Central Command Inc., a security-software company based in Medina, Ohio. Sobig has spread faster than any other virus of its type, he said.

The worm has proven to be a nuisance for computer-systems operators, who have intercepted thousands of unwanted e-mails. The worm can send out about 10 times as much unsolicited e-mail as earlier versions, said Mark Sunner, chief technology officer at New York-based MessageLabs Inc., a closely held security consulting company.

"It's one of the most unprecedented viruses that we have seen so far, in terms of its ability to disseminate itself," he said. "We have intercepted a million infected e-mail messages in a 24-hour period. That puts it in the top of our league table."

Sobig can render a computer more susceptible to use for sending unwanted e-mail, or spam, Sunner said. Clients of MessageLabs include the US Federal Reserve. Experts say the worm has sent millions of junk e-mails.

The worm is proving to be more of a headache for home users than large businesses, which protect their networks with security staff and the latest software, security officials said.

Officials in New Jersey, which found the virus yesterday, are finding it a "nuisance," said Kathleen Ellis, spokeswoman for New Jersey Governor Jim McGreevey. "The main problem we had was with access to the Internet," said Mia DeVane, a spokeswoman for the Pennsylvania Office of Administration. Philadelphia city officials have intercepted 10,000 e-mails infected with Sobig, said Dianah Neff, the city's chief information officer. The virus was also found in computer networks of the states of New York and North Carolina, officials in those states said. AOL Time Warner Inc.'s America Online unit, the number one Internet service provider, discovered 11.5 million e-mails infected with Sobig since Tuesday when it began looking for the virus, said Nicholas Graham, a spokesman for the New York-based company. "That clearly demonstrates there's a problem in how widespread this virus is on the Internet," Graham said. "It also shows we are stepping in to protect our members and provide a buffer." Officials at Microsoft Corp., the world's largest software company, are urging customers to use "extreme caution" when opening e-mail attachments, said Sean Sundwall, a company spokesman. He wouldn't say how many infected e-mails Microsoft has intercepted. Redmond, Wash.-based Microsoft operates MSN, the number two US Internet service provider. The worm only affects computers running Microsoft's Windows operating systems, which power more than 90 percent of all computers, Symantec said. A small percentage of FedEx Corp. customers experienced delays in accessing shipment information from the company's website because of the worm Tuesday, said Traci Barnett, a company spokesman. Those problems have since been resolved, she said. Cox Communications Inc., the fourth-largest US cable operator, benefited from security measures it undertook to defend itself last week from the Blaster virus, said Bobby Amirshahi, a company spokesman. 
Priceline.Com Inc., an Internet seller of discount travel services, blocked Sobig from entering its computer network, said Brian Ek, a company spokesman. Sobig hasn't affected the operations of the Norwalk, Conn.-based company, Ek said.

CSX Corp., the third-largest US railroad, said it halted freight and passenger operations yesterday after a worm similar to Sobig slowed a telecommunications network that controls train dispatching and signals. "Many key systems" were restored by midday, Jacksonville, Fla.-based CSX said in a statement.

Officials at Continental Airlines Inc., the fifth-largest US carrier, are "taking care to scrub it" from inbound e-mails, said David Messing, a company spokesman. He said it wasn't affecting operations.

"According to some of the conservatives here, it sounds like it's fine to beat your wide - as long as she had it coming." -Billvon

sburkart 0 #50 August 21, 2003
Quote: Using a computer to communicate with other computers in any way (online or sending email) without virus protection is socially irresponsible.
I do not buy into the faulty logic that I must run a virus scanner that must be updated to protect against virii it knows nothing of until the time of the update (the industry standard model, correct?)
Quote: The biggest reason viruses are able to propagate the way they do is because people don't use virus protection.
The latest worm was sent to me four times, I deleted it four times, end of story. As to your other scenarios (websites, open ports etc), what can I say? This machine or its brethren have been tooling around the internet on and off by themselves 24/7 for YEARS, I've d/l'd thousands of files of all types and in that time NADA. No virus protection, no virus. Hey, maybe it's Karma?
Seriously, if I were of a typical sheeple bent I would surely be loath to go online sans virus protection of any kind, what with all manner of IT professionals telling me of the threat that my (in)action poses, but given my years of personal experience I can't cop to being THAT stupid and clueless. Either can these guys
Quote: "A true leader is an independent thinker who does what he believes to be best. There are many true leaders without a following, and way too many followers without a true leader."
That is a great quote. As for social responsibility: