internet slow cuz of Sasser worm?

kensuguro
Posts: 4434
Joined: Sun Jul 08, 2001 4:00 pm
Location: BPM 60 to somewhere around 150

Post by kensuguro »

Everyone, go to Microsoft update and install update 835732.

A friend of mine was recently attacked by the Sasser worm, and I helped him kill it. Anyhow, Sasser types A, B, C and D are on the loose, so beware. From what I read, Sasser moves around without using e-mail, so it can strike anyone on the net.

What happens when you get Sasser is that the worm uses your net resources and causes one of the internet kernels to crash. So, your machine crashes in something like 60 secs after your network card's been initialized during the bootup process. Sasser only strikes on XP and 2000 machines.

When you get Sasser, you can't connect to the net until you shut down Sasser. Pull out your LAN cord, and go into task manager to find Sasser's thread.
  • End any process beginning with 4 or more numbers and
siberiansun
Posts: 437
Joined: Tue Oct 01, 2002 4:00 pm
Location: Sweden

Post by siberiansun »

thanks Ken.

creating/spreading viruses is as clever as pissing on a spark plug.
bassdude
Posts: 1004
Joined: Tue Jul 24, 2001 4:00 pm
Location: ACT, Australia

Post by bassdude »

.....Any machine that doesn't have update 835732 can get the worm and spread it.
Or stick a hardened router/firewall in between the net and your computer, which is much easier than installing updates for every hole discovered in Windows.
astroman
Posts: 8446
Joined: Fri Feb 08, 2002 4:00 pm
Location: Germany

Post by astroman »

they expect a huge number of corporate networks to be polluted by (infected) notebooks connected internally (behind the corporate firewall) :roll:

[ This Message was edited by: astroman on 2004-05-09 11:16 ]
kensuguro
Posts: 4434
Joined: Sun Jul 08, 2001 4:00 pm
Location: BPM 60 to somewhere around 150

Post by kensuguro »

hey, just saw on the news. Cops arrested the guy that wrote Sasser and a few other worms. Must be one of the few cases I've seen where a worm writer gets busted. Has this happened before? (for worms?)
Spirit
Posts: 2661
Joined: Thu Mar 29, 2001 4:00 pm
Location: Terra Australis

Post by Spirit »

I remember one of the virus writers in the US who included his website domain in the package - and it was registered with his real name & address :smile:
Stubbe
Posts: 216
Joined: Sun Mar 25, 2001 4:00 pm
Location: Denmark

Post by Stubbe »

On 2004-05-09 12:01, kensuguro wrote:
hey, just saw on the news. Cops arrested the guy that wrote Sasser and a few other worms. Must be one of the few cases I've seen where a worm writer gets busted. Has this happened before? (for worms?)
AFAIK someone in the community told the police and Microsoft about the fella, probably (hopefully) a consequence of the world getting tired of these relentless and (almost) pointless self-manifestations
astroman
Posts: 8446
Joined: Fri Feb 08, 2002 4:00 pm
Location: Germany

Post by astroman »

while I basically agree with you on that last sentence, it's also remarkable that M$ left system security in such a vulnerable state.
The technical background is just too ridiculous.

If you leave a car on the street with the key inserted and a kid feels invited to some nonsense, the car holder is responsible.

In this case M$ should be the one, as the licensee of the OS doesn't have a chance to protect a system which seems to be supplied with countless hidden backdoors for whatever obscure purposes.

cheers, Tom
Spirit
Posts: 2661
Joined: Thu Mar 29, 2001 4:00 pm
Location: Terra Australis

Post by Spirit »

On 2004-05-09 16:50, astroman wrote:

If you leave a car on the street with the key inserted and a kid feels invited to some nonsense, the car holder is responsible.
:eek: Have things degenerated so far that you would blame the victim and not the thief ?
astroman
Posts: 8446
Joined: Fri Feb 08, 2002 4:00 pm
Location: Germany

Post by astroman »

first things first, Spirit :wink:
a car is a potentially dangerous item, especially in the hands of unaware, unconscious or even unable drivers :evil:
the car holder is responsible to reduce the above mentioned risk to a minimum, which means LOCK and REMOVE the key.
... it wouldn't be such a bad idea if some exclude themselves from using the vehicle, but that's another story...

so in the first place it's an en-dangering (?) of traffic - if the action is also considered a theft is a separate case :wink:

cheers, Tom
at0m
Posts: 4743
Joined: Sat Jun 30, 2001 4:00 pm
Location: Bubble Metropolis

Post by at0m »

astroman gives an example that very well describes how Microsoft provokes.

Many people who buy a computer have no idea what a firewall does. XP has one built-in, so why get another one? The built-in firewall has no control over outgoing traffic, for example, while built-in features such as Remote Desktop are listening by default. Why have all these ports open if you don't use them? I'm still struggling with making it safer, after a couple of years of computer experience. Let alone people who just bought their machine in the supermarket. I see it every virus wave, who gets it and who doesn't. Many don't realise it, they don't know or want to think of setting it up securely. Just insert the factory cd, copy over the image, and party on. Usually it's too late, damage done.

I hope to have a LAN that isn't too vulnerable. It took a long time to find out how I'd secure it. I'm still learning. But it's not my machine I'm afraid for. It's millions of computers that can quite easily be taken and given instructions via the web.

The attacks we've seen thus far were mostly chain reactions set up by 'hobbyists'. How old was the maker of the 'I love you' virus again? I hold my breath for the destruction a well-organised team of specialists could cause.

[edit] You get fined here for not wearing a belt when driving, why do you get away with letting your machine be used as part of WMD?

One of my favorite pages on network security: http://grc.com/

[ This Message was edited by: at0mic on 2004-05-09 22:47 ]
Spirit
Posts: 2661
Joined: Thu Mar 29, 2001 4:00 pm
Location: Terra Australis

Post by Spirit »

OT: Astroman, I get your point. If I left a ready chainsaw outside my house and some kid came up and started fiddling, sure it would be my fault.

But a car ? A matter of degree perhaps. If the kid was too young to know better then the fault is primarily with its parents. If the kid does know right and wrong then it is old enough to take the consequences. I suppose I'm just bigger on the "personal responsibility" idea. :wink:
Spirit
Posts: 2661
Joined: Thu Mar 29, 2001 4:00 pm
Location: Terra Australis

Post by Spirit »

Atomic, I think computers are still an emerging technology and you can't expect an operating system devised many years ago (in IT terms) to respond well to all the threats of today.

And surely Microsoft wouldn't deliberately build a flawed system with poor security. Maybe they are guilty of not delivering a brilliant product, but that's all imho.

Who can foresee what the dominant IT threats will be three or five years from now ? Some sort of wireless sniffing thing; something to do with satellite uplinks; or maybe voice technology; streaming media infections; code of some sort that disables monitors or emits high-pitched squealing from your soundcard (hmm, rather like that last one) ?

As for an expert attack, perhaps this has already happened (or is happening). It's certainly been one of the more obvious threats of the past few years.

We'll only have a good idea what's going on now in about 20 years' time.
Stubbe
Posts: 216
Joined: Sun Mar 25, 2001 4:00 pm
Location: Denmark

Post by Stubbe »

On 2004-05-09 16:50, astroman wrote:
while I basically agree with you on that last sentence, it's also remarkable that M$ left system security in such a vulnerable state.
The technical background is just too ridiculous.

If you leave a car on the street with the key inserted and a kid feels invited to some nonsense, the car holder is responsible.

In this case M$ should be the one, as the licensee of the OS doesn't have a chance to protect a system which seems to be supplied with countless hidden backdoors for whatever obscure purposes.

cheers, Tom
Let me elaborate; it seems that many of the newly created vira are made AFTER M$ has released the bugfixes. I do agree, that M$ should be kept on their toes and improve their stuff and one way to do this is writing vira, right or wrong.

But nowadays a lot of hackers are trawling through the released bugfixes in order to attack the users that have not downloaded these fixes. That's not constructive, that's not very creative in my book.
astroman
Posts: 8446
Joined: Fri Feb 08, 2002 4:00 pm
Location: Germany

Post by astroman »

On 2004-05-10 05:30, Stubbe wrote:
...But nowadays a lot of hackers are trawling through the released bugfixes in order to attack the users that have not downloaded these fixes. That's not constructive, that's not very creative in my book.
Right - laziness seems to be the most common sign of these times :wink:

But it doesn't change the situation that someone released a big pile of sh*t with a tremendous economic significance.
They made a lot of money with that stuff and their customers rely on those products as well.

This is industry, M$ wants to be treated as a part of that (protection of rights etc.), yet they refuse the most common liability rules.

The car builder has, the car owner as well, an architect, a bus driver but not a certain company because THEY(?) define what's possible according to today's standards ?
:lol: I hope they don't deduce their competence from their product quality...

Ask people what they want: email and www, possibly ftp, a phonecall and a videostream, basically a dozen ports and that cannot be made reliable - in 10 years ?
Let alone the much questioned system rights of their scripting apps.

The basic network services could be safe and only the basic stuff needs to be installed by default, so where's the problem ?
Could this result in a system that's too simple for their certyfried chickens ?

cheers, Tom
Micha
Posts: 471
Joined: Tue May 08, 2001 4:00 pm
Location: Berlin

Post by Micha »

IMHO they're starting to understand this. At least their latest server isn't a big open bug anymore. But some wishes are hard to fulfill, like downloading freely from a secured directory...
Things like this keep it complicated anyway. :smile: