Anyone else's company been hit by the latest Zotob worm?
I've spent the last two working days patching machines against it, and I'm FED UP!
>800 machines + manual patching = very unhappy IT dude
Any reason why you're patching it manually with that amount of machines?
Nope, no viruses here. Last time I've worked at a company that got a virus was 2002 when Nimda hit and that was the last time I felt that kinda pain heh.
TiG
-- Hexus Meets Rock! --
I think it causes restarting (or at least some variants do). I think it behaves like Blaster in that it spreads itself so long as there's an internet connection. If you want, you can wait for the other variants to arrive and try and kill the other variants.
http://news.bbc.co.uk/1/hi/technology/4162124.stm
http://www.f-secure.com/weblog/
The last and only virus I got was Wazoo (I think that's its name), back in the days of Windows 3.1. No need for firewalls back then! (Well, no internet back then!) I remember installing Office using about thirty floppy disks... and hoping that one didn't decide to break suddenly.
Last edited by mike_w; 18-08-2005 at 03:32 PM.
"Well, there was your Uncle Tiberius who died wrapped in cabbage leaves but we assumed that was a freak accident."
http://securityresponse.symantec.com...2.zotob.e.html
We do actually have an Altiris system in place that allows us to deploy the updates automatically over the network, but the guys in the technical services group are taking their sweet time over getting it ready for deployment, so in the interim we're having to do it by hand. We're running win2k primarily (upgrading to XP as of next week, hilariously), and over the years the base build for these machines has had SO many security updates applied to it that it's just stupidly slow. It hasn't actually infected many, but it's been incubating on a fair amount of systems so we're having to make sure it's eradicated.
Ah, shame it doesn't hit here.
5 council office sites.
God knows how many machines but there's about 1 per person.
6014 3DMk 05 [quoting Errr...me]
Yup, someone gave me a floppy with the virus on. It was quite annoying though - it affected Word if memory serves. [quoting ajbrun]
Ooh, days of floppy deaths. I found them to be really unreliable. However before I started using CDs and DVDs modern floppies aren't like they used to be! [quoting mike_w]
Win 3.1 + DOS 6 disks, just hoping on a clean install a disk doesn't go corrupt.... that was fun computing.
Why not do a streamline install? [quoting da.Guvna]
Never heard of Altiris..... SUS server.
Hey Guvna - any reason why your network/firewall admin can't block TCP Port 445? That's how Zotob is spreading... and it'd save your bacon from patching 800+ systems
Most decent (hardware/corporate level) firewalls have released updates that can detect & block this worm.
I work for a large multi-national company that is in a highly regulated industry (can't really tell you much more than that). Basically, all software and configurations of that software have to be thoroughly tested, approved, then have its exact installation parameters documented and signed off by about 6 very busy people before we can even think about putting it on a workstation. [quoting timread]
We have a dedicated team that handles all the firewalls, anti-virus, etc. in the server centre, and anything else to do with IT security in Europe/Middle East/Africa.
Before they're allowed to block any ports, or change any configurations, they have to perform a risk assessment on the possible impacts it could have on business systems, including a 'back-out' path should things go awry.
We run a LOT of really bizarre software packages, not just your average Microsoft Office rubbish.
So basically, it is entirely possible that they could block those ports off, but until they've had time to check through every last bit of documentation to find out which software is using which ports, and then do the relevant testing, those ports will remain open.
....you have no idea how frustrating it is working for this company, haha!
Haha, actually, I'd say it's more of an advert to install something that scans on-access, like AVG.....although, unless your PC is reasonably recent (say 2 years old) it'd probably just annoy you. [quoting dew1911©]