Did the Blaster Worm get YOU?

E

energy

#1
Did the Worm get YOU?

Okay, my questions have been answered. Here's another one. Anybody get hit with the worm blaster virus? We did and it took about 3 hours to fix it. Yes, I did it all by my lonesome. For a computer novice it was sense of accomplishment. Put in a firewall, downloaded the recommended patches from Mickey Soft and managed to update Norton's virus definitions before those PIA shutdowns. :)
 
Elsmar Forum Sponsor
#2
Good question Energy,

Personally, the only thing I noticed was that the internet suddenly reminded me of Speedy Gonzales. Everything worked at lightning speed. Not really the effect one would have expected, eh?

The simple reason seems to be that very few people were online. Either they couldn't log on or maybe they were clever enough not to, I don't know. One Swedish newspaper posted a poll where over 35% claimed to have been affected in some way.

It's big and bad, allright... :eek:

/Claes
 
E

energy

#3
The typical shutdown was after about 20 minutes on line. Then you had 60 seconds to save work and then you were down.

Web Worm Hits Windows, Crashes Computers

Updated 6:36 PM ET August 12, 2003


By Elinor Mills Abreu

SAN FRANCISCO (Reuters) - An Internet worm called "Blaster" that attacks Windows operating systems spread across the globe on Tuesday, infecting and crashing home and office computers faster than technicians could install safeguards.

A computer security expert said the worm, which specifically targets computers running Windows XP and Windows 2000, could spread for a few days before tapering off.

At least 124,000 computers using Microsoft Corp.'s <MSFT.O> Windows software have been infected worldwide, according to a sample by Symantec Corp.'s Security Response sensor network.

"Corporate networks are getting hit pretty hard," said Alfred Huger, a senior director of engineering at Symantec. "Hundreds of machines are spontaneously rebooting throughout the environment."

Johannes Ullrich of the SANS Institute said the rate at which the worm was spreading seemed to be slowing a bit late Tuesday afternoon. SANS (SysAdmin, Auditing, Networking and Security Institute) is a security training and information organization based in Bethesda, Maryland.

Russ Cooper of TruSecure Corp., a security services provider in Herndon, Virginia, said peak worm activity had occurred between 2 a.m. and 3 a.m. eastern time on Tuesday.

Computers infected by Blaster scan the Internet looking for other machines running Windows that have an open security hole -- one that has not been "patched" or given a fix from Microsoft. The worm then sends itself to those computers.

Windows 2000 and XP computers in North America were getting scanned or infected after being connected to the Internet for an average of 25 minutes, Huger said.

Although some corporate networks were slowed by the worm, no impact on overall Internet traffic was detected.

The worm, also called MSBlaster or LoveSan, surfaced on Monday in the U.S. and quickly spread, taking advantage of a security hole discovered last month in Windows 2000, Windows XP, Windows NT, and Windows Server 2003 operating systems.

Patches for the hole, except for Windows NT 4.0, which the company no longer supports, were put online by Microsoft.

POORLY WRITTEN

The worm crashes some systems and infects others, but otherwise does no damage, Microsoft said.

"It's certainly not a good thing," Microsoft spokesman Sean Sundwall said. But, "it has not spread at the speed with which more notorious worms, such as Slammer and I Love You and Code Red, did."

That is because the worm was poorly written, according to Symantec's Huger, who said that new variations of it could be more virulent.

David Perry of Trend Micro, an anti-virus vendor based in Tokyo, noted that Slammer targeted SQL Server and Code Red targeted Microsoft's Web server program, which were used on fewer computers than XP and Windows 2000.

With Blaster, there are "100 million to 200 million machines that can be infected in the world, rather than a quarter of a million," Perry said.

Because Blaster does not spread through e-mail like worms typically do, most anti-virus software will not block it. However, anti-virus applications will let computer owners know if they have been infected and can help clean up the worm.

European and Asian anti-virus firms said they had heard from corporations were infected as their systems went online. Some government agencies in the U.S. reported widespread systems problems.

The state of Maryland closed 23 Motor Vehicle Administration offices at mid-day and the system was shut down to apply patches, said spokesman Jack Cahalan.

The computer network at Philadelphia's City Hall was also hit by the worm, according to a city official. Stanford University said 2,500 computers were infected and a Department of Homeland Security spokesman said there were sporadic reports from federal agencies of computers hit by the worm.

The patch is available at http://www.microsoft.com/security/. (Additional reporting by Bernhard Warner in London, Yoo Choonsik in Seoul and Andrea Orr in San Francisco)
 
Last edited by a moderator:
E

energy

#5
I would get a NT Scanner Error message and then you watch the clock that tells you how much time you have left to save work before your computer automatically reboots. A real PIA. Intitially it happened after 20 minutes on line. Then, I could be doing some documentation in Word and it would come on every 5 minutes or so. The difficult part of fixing it was being able to stay on line long enough to update your Virus Defintions. (Norton). Being a brand new virus and the automatic update was done a week ago, I think, the worm was blasting away at our WindowsXP system. I noticed a problem late in the day, the day before. Maybe it had babies.:)

Actually, here's the error message:

"NT Access Scanner Service has encountered a problem and needs to close. Sorry for the inconvenience." Then it tells you save all work.
 
Last edited by a moderator:
R

Randy Stewart

#6
My software came up with a warning that the virus had been found and quarantined. It found it in one of the Temp Internet Files. It didn't get a chance to infect my home computer and at work we have so much security on our servers it was no problem.
 
B

Bob_M

#7
I'm not sure what happened.

Monday (during pre-assessment) our HR mgr downloaded a MS update via the update page (possibly) and did the required reboot. After that she could not get beyond the blue/green screen of NT4 (no login option). After some bad advise from a "tech" person we've used before, machine got really screwed up.

I don't think it was the baster, but she thinks it is because of the timing.
Whatever!

Anyways I tried to repair NT with no luck.
2 installs of windows 2000 later its working again (long story).
Long boring tuesday and wednesday... :ko:

P.S. This is the computer that our Time Clock and Direct Deposit Hardware/Software is connected to. Surprisingly we got them both up and running with minimal tech support! :eek:
 
Last edited by a moderator:
#8
No problem, we have a very well informed computer staff that tkes care of everything before we even boot-up in the morning.
 
E

energy

#9
It took awhile

Randy Stewart said:
My software came up with a warning that the virus had been found and quarantined. It found it in one of the Temp Internet Files. It didn't get a chance to infect my home computer and at work we have so much security on our servers it was no problem.
After I updated Norton, I did a full sytem virus scan with no worm detected. In fact, after the scan, I had 2 more shutdowns and began to doubt the existance of virus. I figured if I stayed off line until I figured it out, I could get some other work done. I prepared some Customer Surveys, yes we send them out after every job, when I got the dreaded shutdow warning. I saved everything and was scowling at the screen when Norton's "Virus Detected" message popped up behing the NT Scanner Message. It automatically deleted the W32.Blaster.com worm. The machine rebooted and did not shut down anymore. Then I went on line and had the Firewall Installed and download the recommended patches from Mickey Soft. Good to go. :bonk:
 
Thread starter Similar threads Forum Replies Date
Marc Quiz - Where did the idea of an assembly line come from? Coffee Break and Water Cooler Discussions 4
S Where did FDA 510(K) form 3654 go? Other US Medical Device Regulations 1
A Drawing Issue with Supplier - xb file did not match that of the pdf drawing Nonconformance and Corrective Action 4
Marc How did you "get" a full-time job? (A 2017 discussion) Career and Occupation Discussions 11
Marc When did you first use what we call E-Mail (aka email) today? Coffee Break and Water Cooler Discussions 17
Q Did you use consultants for UDI? Other US Medical Device Regulations 4
B How did you grow your QMS in a Job Shop? Quality Manager and Management Related Issues 11
B Did UL 60601-1 change when the IEC 60601-1 standard changed to the 3rd edition? IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
T Test Report - Customer Signature - Customer did not witness test General Measurement Device and Calibration Topics 2
Marc Just for fun - How did you find the Elsmar Discussion Forum Forum News and General Information 9
GStough Is "Did Not Follow Procedures" Sufficient for RCA? Problem Solving, Root Cause Fault and Failure Analysis 30
Wes Bucey Did somebody drop the ball at Boeing? Quality Manager and Management Related Issues 38
Marc Did Stone Age cavemen talk to each other in symbols? Coffee Break and Water Cooler Discussions 7
A The auditor documented that we did not have control of Outsourced Processes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
Hershal Travel! Where have you been of late? What did you see? What do you think? Travel - Hotels, Motels, Planes and Trains 15
T Did any of you use these sticks and rocks? Funny Stuff - Jokes and Humour 32
Q AS9100B Clause 7.5.1.5 - Where did it go in AS9100C? Servicing/Post Delivery Support AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
Jim Wynne What did they do before Powerpoint? Funny Stuff - Jokes and Humour 3
Hershal How did you spend New Years? 2009 Coffee Break and Water Cooler Discussions 8
P New Year Goals and Resolutions - Did you keep your goals and resolutions in 2009? Coffee Break and Water Cooler Discussions 5
M Where did "breakpoint" analysis come from? AIAG MSA book Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 6
JoCam We did it!!! ISO 13485:2016 - Medical Device Quality Management Systems 7
L Where did the name Elsmar come from? Coffee Break and Water Cooler Discussions 17
N CQC (China Quality Certification) did not issue an Audit Report ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
T Passed our registration audit - Well we did it!!!!!!! ISO 13485:2016 - Medical Device Quality Management Systems 16
P NC from TS16949 stage 2 audit - Internal Auditing - Auditor did not record evidence General Auditing Discussions 15
D Out of tolerance gauge blocks - How did these blocks go out of tolerance? General Measurement Device and Calibration Topics 21
Wes Bucey Laid off? Downsized? What did you learn? Career and Occupation Discussions 80
M TUV NCR 1 - Internal Audit did not audit the second shift Internal Auditing 26
R Looking for a link to a story - Because Nobody did it, the project didn't get done Coffee Break and Water Cooler Discussions 4
Ajit Basrur Certified Biomedical Auditor (ASQ) - What study materials did you use? ASQ, ANAB, UKAS, IAF, IRCA, Exemplar Global and Related Organizations 6
Govind Did you know about ASQ Membership value Assessment Calculator? ASQ, ANAB, UKAS, IAF, IRCA, Exemplar Global and Related Organizations 5
Govind ISO 10031- Did you know about this standard? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
Wes Bucey Why did they need laptops in the first place? After Work and Weekend Discussion Topics 20
M Did anyone take the CSQE exam on saturday (6/3/2006) Professional Certifications and Degrees 6
C How did you survive your childhood? Coffee Break and Water Cooler Discussions 31
C Why did you not choose mechanical engineering? Interview Question Career and Occupation Discussions 6
C Career Change Question - Why did you choose Quality Engineer as starting job? Career and Occupation Discussions 3
SteelMaiden ISO 14001 certification yesterday afternoon - We did it! ISO 14001:2015 Specific Discussions 15
J Happy 2006 - How did you ring in the New Year Coffee Break and Water Cooler Discussions 16
P Why did ISO assign the number 16949 to TS 16949? Why not 123456 IATF 16949 - Automotive Quality Systems Standard 7
G Green Buildings And Leed - Did anyone go to "greenbuild" in Atlanta last week? Sustainability, Green Initiatives and Ecology 7
J TS 16949 8.5.2 Corrective Action - Auditor did not like the customer related form Nonconformance and Corrective Action 13
I We Did it!! Recommended for TS 16949 certification IATF 16949 - Automotive Quality Systems Standard 8
Marc Acronym DID - Acronym Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 0
Q SPC Terminoloy & Jargon: Cpk, Ppk etc.: How did it evolve? Capability, Accuracy and Stability - Processes, Machines, etc. 8
Wes Bucey ASQ (American Society for Quality) By-Laws Changes - How did you vote? ASQ, ANAB, UKAS, IAF, IRCA, Exemplar Global and Related Organizations 15
Q Curiosity... The popularity of ISO 9001 if NA Automakers did not require it ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
B Question about AQL - Why did the customer reject our products??? AQL - Acceptable Quality Level 6
Govind Did Ken throw away his game? Coffee Break and Water Cooler Discussions 24

Similar threads

Top Bottom