Summary thread of all the others, as there's still lots of people suffering out there... I'm no expert, there's plenty on here, but we're still seeing many threads with confusion in them.

Everyone running Windows XP, Windows NT 4.0 Server, or Windows 2000 must install a patch as they are at risk from, believe it or not, ****e coding from Microsoft which allows people to take over your PC. Well, that's the simple explanation...

To check for and cure infections, run Stinger, available from
http://vil.nai.com/vil/averttools.asp#stinger

Run this BEFORE you patch.

To get the absolutely utterly essential patch, visit
http://www.microsoft.com/technet/tre...n/MS03-026.asp
and download the right one for your OS. If you're a home user running xp, you will be running the 32 bit version.

You need to install the patch whether you are infected or not and it's a good idea to patch even if you're behind a firewall.


How to minimise risk of something like this getting you in the future:
- run a firewall (software or hardware) and know how to configure it
- keep an eye on critical alerts from MS and patch when appropriate.

Hope this helps someone and saves frustration.

Cheers,
Nick.

 

Good idea, too many threads on the same subject

I'd like to know if any Windows sysadmins out there are getting fed up with the frequency of these occurances and are considering moving to other platforms? It doesn't impact me too much but I know I'm sick to death of having to keep reading up on yet-another-windows-virus Wonder if anyone will ever sue Microsoft for the lost company time? Are they even responsible? Who do you blame?

Steve.

 

You blame MS for the crap quality control but then realise exactly how much more everything would cost if it were tested to the n'th degree.

Open source at least allows inspection of and fixing of code, but that ain't great.

Microsoft are an easy target as they're the most successful. Before long, we'll see many more well publicised Linux hacks of a similar nature but probably not quite as severe... Although bugs / vulnerabilities in the kernel could conceivably cause utter chaos.

Cheers,
nick.

 

Good stuff Chiark. Can everyone keep to this thread now please? Keeps all the discussion in one place and saves repeating the important URLs.

I note quite a few corporate LANs are affected now, despite being firewalled off. One possible avenue of entry is via VPN'd home workers with un-patched PCs.

Cheers,

Chris.

 

ChrisB,

That's exactly how it got us. We have a fully patched ISA server for a firewall but were still infected. We now know it came from our remote users who use their own ISP's and a VPN to access the network.

We've just completed patching 500 internal PCs and have disabled the VPN accounts until users can bring their laptops in to be patched. (they didn't like that)

Does anyone know if there is anything else we can do to secure the remote users? We thought about personal firewals but that would be an admin nightmare.

Thanks.

Steve.

 

Can u reconfigure your VPN access to be slightly protected, as if it were a DMZ, and only allow certain traffic through by using a default deny policy rather than a default allow? I guess this would be quite a headache to set up, but it should protect you.

 

BTTT for Friday...

 

...and in case anyone's still struggling, here's a mirror of the stinger and patches:

http://www.chiark.com/blasterfix/

Cheers,
Nick.

 

Cheers Nick

Tony
(Just fixed a customers PC that I was called out to)

 

just a quick note...

i keep getting sent viruses from "big@boss.com"

dunno if that information is helpful to anybody or not, cos despite being computer literate when it comes to coding, patches and stuff i'm lost!!!

o.