RE: Virus Alert - W32.Blaster.Worm

From: Charles Church (cchurch@wamnet.com)
Date: Tue Aug 12 2003 - 17:00:39 GMT-3

John,

    I apologize for coming off a little too harsh. If it's a company owned
PC and you've got a help desk that supports it, it really should be their
responsibility. I too have been burned by MS patches, so I usually wait
until it's been out for maybe 3 or 4 business days before installing it.
That's usually enough time for people to find problems and MS to fix it or
pull it off the site. But for your company (which I assume is in the high
tech field) to be a year behind on major MS patches, that's just asking for
disaster. If a company is going to make the choice to not install patches
frequently, they should be running something other than Winblows. Just my
.02 though...

Chuck Church
CCIE #8776, MCNE, MCSE
Wam!Net Government Services
13665 Dulles Technology Dr. Ste 250
Herndon, VA 20171
Office: 703-480-2569
Cell: 703-819-3495
cchurch@wamnet.com
PGP key: http://pgp.mit.edu:11371/pks/lookup?search=chuck+church&op=index
  -----Original Message-----
  From: John Smith [mailto:c00per_omers1@yahoo.com]
  Sent: Tuesday, August 12, 2003 2:57 PM
  To: Charles Church
  Cc: ccielab@groupstudy.com
  Subject: RE: Virus Alert - W32.Blaster.Worm

  My reply to your rant ( next time just reply to me rather than the whole
world thanks.. )

  If your company builds your laptop or recycles one for you, do you assume
it is upto date? ( or do you believe in makes an ass of u and me) If they
don't make service pack 4 available, do you go ahead and install it?

  Hum, I have better things to do than always install the latest not so
great MS patch out there. Since they haven't made service pack 4 available
I'm not about to go MS and get it myself and findout I now have other
problems which our IS team will not support. Luckily they have service pack
3 all ready and tweaked for our use, same thing goes for all the security
patches, they only have 6 or so which they feel are relevant, so do I now go
to the MS site and use the update tool and go and update anything and
everything ( especially when they say can not be uninstalled) or do I follow
the company policy and only update when they say to update and not be in
violation of the company policy.

  Yes it's tricky, and can lead to problems when your away on vacation and a
virus or worm comes out ( as happened in my case) and since you didn't login
you're now vulnerable, but on the other hand, leave it to the security team
to test each one and when it's certified it works with all the apps etc,
then install if required.

  I'd have to say not bad, 1st virus I caught since 94 on my laptop ( never
had one on any servers I'm responsible for), if only the flu or common cold
worked that way.

  Now lets get back to working on Cisco, Many Thanks to all for their help
and opinions.

  Charles Church <cchurch@wamnet.com> wrote:
    Not meaning to flame anyone, but why the hell are you only installing
W2K
    SP3 now? It's been out a year. With all the security holes that MS
    products have, whether you're responsible for 1 machine or 1000, you
really
    need to be checking for (and installing) critical updates once a week at
a
    minimum. There's really no excuse. Us Cisco people shouldn't have to put
    up with this crap because the server and workstation people aren't
keeping
    up on security holes. Sorry. Rant over.

    Chuck Church
    CCIE #8776, MCNE, MCSE
    Wam!Net Government Services
    13665 Dulles Technology Dr. Ste 250
    Herndon, VA 20171
    Office: 703-480-2569
    Cell: 703-819-3495
    cchurch@wamnet.com
    PGP key:
http://pgp.mit.edu:11371/pks/lookup?search=chuck+church&op=index

    -----Original Message-----
    From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
    John Smith
    Sent: Tuesday, August 12, 2003 12:10 PM
    To: MADMAN; Snow, Tim
    Cc: 'ccielab@groupstudy.com'
    Subject: Re: Virus Alert - W32.Blaster.Worm

    I got hit with it as well. I was wondering what this msblaster.exe was
doing
    in the taskmgr.... a google search brought me to realize it was a worm.

    I updated Win 2K Pro to service pack 3 added the MS fix, then went to
    symantec, got the latest virus sig file ( which started to tell me 30
times
    I had the worm... ) and used their exe to fix the problem. They got rid
of
    the worm, the msblaster.exe, fixed the registry settings.

    Now all I need to do is get my taskmgr working again, cause I can't see
my
    the buttons to change to view the utilization and can't shut it down
without
    killing the taskmgr process (luckily the only screen available)

    MADMAN wrote:
    Yes I was fortunate enough to get paged yesterday evening regarding
    this. Here is some more! info for those so inclined:

    Dave

    Snow, Tim wrote:
> Anyone else going through the W32.Blaster.Worm?
>
>

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.htm
> l
>
> Big pain in the ....
>
> Tim
>
>
> Timothy Snow
> CCIE #12042
> EDS - Network Operations
> MS 3B
> 1075 W. Entrance Drive
> Auburn Hills, MI 48326
>
> * phone: +01-248-754-7900
> * mailto:timothy.snow@eds.com
> pager: 888-351-4584
> www.eds.com
>
>
>

This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:53:57 GMT-3