Thread: Viruses....GRRRR!

  1. #1
    Senior Member da.Guvna's Avatar

    Viruses....GRRRR!

    Anyone else's company been hit by the latest Zotob worm?

    I've spent the last two working days patching machines against it, and I'm FED UP!

    >800 machines + manual patching = very unhappy IT dude

  2. #2
    Senior Member ajbrun's Avatar
    What does it do? How would you know if you had it? All I've heard about it is its name, and that it doesn't have to be opened like a normal virus - it spreads itself.

  3. #3
    TiG
    Any reason why you're patching it manually with that amount of machines?

    Nope, no viruses here. Last time I've worked at a company that got a virus was 2002 when Nimda hit and that was the last time I felt that kinda pain heh.

    TiG
    -- Hexus Meets Rock! --

  4. #4
    Ah, Mrs. Peel! mike_w's Avatar
    I think it causes restarting (or at least some variants do). I think it behaves like Blaster in that it spreads itself so long as there's an internet connection. If you want, you can wait for the other variants to arrive and try and kill the other variants.

    http://news.bbc.co.uk/1/hi/technology/4162124.stm
    http://www.f-secure.com/weblog/

    The last and only virus I got was Wazoo (I think that's its name), back in the days of Windows 3.1. No need for firewalls back then! (Well, no internet back then!) I remember installing Office using about thirty floppy disks... and hoping that one didn't decide to break suddenly.
    Last edited by mike_w; 18-08-2005 at 03:32 PM.
    "Well, there was your Uncle Tiberius who died wrapped in cabbage leaves but we assumed that was a freak accident."

  5. #5
    Senior Member da.Guvna's Avatar
    http://securityresponse.symantec.com...2.zotob.e.html

    We do actually have an Altiris system in place that allows us to deploy the updates automatically over the network, but the guys in the technical services group are taking their sweet time over getting it ready for deployment, so in the interim we're having to do it by hand. We're running win2k primarily (upgrading to XP as of next week, hilariously), and over the years the base build for these machines has had SO many security updates applied to it that it's just stupidly slow. It hasn't actually infected many, but it's been incubating on a fair amount of systems so we're having to make sure it's eradicated.

  6. #6
    Hexus.net Troll Dougal's Avatar
    Ah, shame it doesn't hit here.

    5 council office sites.

    God knows how many machines but there's about 1 per person.
    Quote Originally Posted by Errr...me
    I MSN offline people
    6014 3DMk 05

  7. #7
    Senior Member ajbrun's Avatar
    Quote Originally Posted by mike_w
    The last and only virus I got was Wazoo (I think that's its name), back in the days of Windows 3.1. No need for firewalls back then! (Well, no internet back then!) I remember installing Office using about thirty floppy disks... and hoping that one didn't decide to break suddenly.
    How did you get a virus without the internet? Was it a dodgy floppy or something?

  8. #8
    Ah, Mrs. Peel! mike_w's Avatar
    Quote Originally Posted by ajbrun
    How did you get a virus without the internet? Was it a dodgy floppy or something?
    Yup, someone gave me a floppy with the virus on. It was quite annoying though - it affected Word if memory serves.
    "Well, there was your Uncle Tiberius who died wrapped in cabbage leaves but we assumed that was a freak accident."

  9. #9
    Senior Members' Member Matt1eD's Avatar
    Quote Originally Posted by mike_w
    I think it causes restarting (or at least some variants do). I think it behaves like Blaster in that it spreads itself so long as there's an internet connection. If you want, you can wait for the other variants to arrive and try and kill the other variants.

    http://news.bbc.co.uk/1/hi/technology/4162124.stm
    http://www.f-secure.com/weblog/

    The last and only virus I got was Wazoo (I think that's its name), back in the days of Windows 3.1. No need for firewalls back then! (Well, no internet back then!) I remember installing Office using about thirty floppy disks... and hoping that one didn't decide to break suddenly.
    Ooh, days of floppy deaths. I found them to be really unreliable. However before I started using CDs and DVDs modern floppies aren't like they used to be!

    Win 3.1 + DOS 6 disks, just hoping on a clean install a disk doesn't go corrupt.... that was fun computing.

    Quote Originally Posted by da.Guvna
    and over the years the base build for these machines has had SO many security updates applied to it
    Why not do a streamline install?

    Never heard of Altiris..... SUS server.

  10. #10
    Senior Member timread
    Hey Guvna - any reason why your network/firewall admin can't block TCP Port 445? That's how Zotob is spreading... and it'd save your bacon from patching 800+ systems

    Most decent (hardware/corporate level) firewalls have released updates that can detect & block this worm.

  11. #11
    Senior Member da.Guvna's Avatar
    Quote Originally Posted by timread
    Hey Guvna - any reason why your network/firewall admin can't block TCP Port 445? That's how Zotob is spreading... and it'd save your bacon from patching 800+ systems

    Most decent (hardware/corporate level) firewalls have released updates that can detect & block this worm.
    I work for a large multi-national company that is in a highly regulated industry (can't really tell you much more than that). Basically, all software and configurations of that software have to be thoroughly tested, approved, then have its exact installation parameters documented and signed off by about 6 very busy people before we can even think about putting it on a workstation.
    We have a dedicated team that handles all the firewalls, anti-virus, etc. in the server centre, and anything else to do with IT security in Europe/Middle East/Africa.
    Before they're allowed to block any ports, or change any configurations, they have to perform a risk assessment on the possible impacts it could have on business systems, including a 'back-out' path should things go awry.
    We run a LOT of really bizarre software packages, not just your average Microsoft Office rubbish.

    So basically, it is entirely possible that they could block those ports off, but until they've had time to check through every last bit of documentation to find out which software is using which ports, and then do the relevant testing, those ports will remain open.

    ....you have no idea how frustrating it is working for this company, haha!
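
Added example, not part of any post in this thread: before a block on TCP 445 is approved, connection logs can show both which machines legitimately depend on the port and which ones are sweeping it the way a self-spreading worm does. The log format, addresses and thresholds below are assumptions made for this sketch.

```python
from collections import defaultdict

# Constructed sample flow records (not from the thread).
# Format assumed here: time src dst dst_port result
_NORMAL = [
    "09:00:01 10.1.4.20 10.1.0.5 445 ESTABLISHED",
    "09:00:07 10.1.4.21 10.1.0.5 445 ESTABLISHED",
    "09:01:12 10.1.4.20 10.1.0.6 445 ESTABLISHED",
    "09:01:30 10.1.4.22 10.1.0.9 80 ESTABLISHED",
    "truncated line",
]
# One host sweeping many addresses on 445, almost all attempts failing.
_SWEEP = [f"09:02:{i:02d} 10.1.7.33 10.1.9.{i} 445 TIMEOUT" for i in range(1, 9)]
_SWEEP.append("09:02:09 10.1.7.33 10.1.4.21 445 ESTABLISHED")
SAMPLE_FLOWS = "\n".join(_NORMAL + _SWEEP)


def parse_flows(text):
    """Yield (src, dst, port, result); malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[3].isdigit():
            yield parts[1], parts[2], int(parts[3]), parts[4]


def assess_port(text, port=445, min_fanout=5, min_fail_ratio=0.5):
    """Split traffic on `port` into real dependencies and scan-like sources."""
    tried = defaultdict(set)      # src -> every destination attempted
    reached = defaultdict(set)    # src -> destinations that answered
    attempts = defaultdict(int)
    failures = defaultdict(int)
    for src, dst, dport, result in parse_flows(text):
        if dport != port:
            continue
        tried[src].add(dst)
        attempts[src] += 1
        if result == "ESTABLISHED":
            reached[src].add(dst)
        else:
            failures[src] += 1
    suspects, deps = [], defaultdict(set)
    for src in sorted(tried):
        fail_ratio = failures[src] / attempts[src]
        if len(tried[src]) >= min_fanout and fail_ratio >= min_fail_ratio:
            suspects.append(src)          # wide, mostly failing: scan pattern
        else:
            for dst in reached[src]:
                deps[dst].add(src)        # a block here would break this client
    return {"suspect_scanners": suspects,
            "dependencies": {d: sorted(c) for d, c in sorted(deps.items())}}
```

The `dependencies` map is the input to the risk assessment described above, and `suspect_scanners` is the list of machines to isolate and clean first.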

  12. #12
    Senior Member da.Guvna's Avatar
    Quote Originally Posted by dew1911©
    Virus, don't get me started. I tried scanning last night.

    Norton Found: 26 (Not quickly, or economically, but it got the job done)
    Ad-Aware Found: 15 (Quickly).

    Now, that's an advert to check regular.
    Haha, actually, I'd say it's more of an advert to install something that scans on-access, like AVG.....although, unless your PC is reasonably recent (say 2 years old) it'd probably just annoy you.
