[SGVLUG] ack -- finally got "wormed" at work

Robert Leyva Robert.Leyva at warnerbros.com
Tue Aug 16 18:32:16 PDT 2005


Try downloading and installing clamwin (clamwin.com)?

Me

Tom Emerson wrote:
> Well, it finally happened -- or rather, I should say, "it finally happened TO 
> ME" -- but the computer I use at work(*) fell victim to a worm.  Now, I pride 
> myself on being pretty good about not opening "suspicious" stuff, and I don't 
> have any qualms about leaving the system "on" overnight on Tuesday nights so 
> the admins can mass-update the company's computers, but it looks like this 
> was one not even my "best practices" could avoid. (see below)
>
> From the looks of it, "zotob" has struck, and used a known-for-a-week-now 
> security hole in MS's plug-n-play subsystem.  Unfortunately, I had to come 
> home to use my Linux system to find out about it -- my computer was "forcibly 
> shutting down" within a minute after logging in.  (tried to open a browser to 
> check www.cert.org, but couldn't connect before the system rebooted...)
>
> This article in InformationWeek points out that it uses anonymous access, 
> thus giving me a little sense of relief in that I didn't "do anything" to 
> enable it to attack my computer (such as open an e-mail or browse to an 
> infected site)
>
> http://informationweek.com/story/showArticle.jhtml?articleID=168602115
>
> The article mentioned that once infected, it uses ftp to propagate, which I 
> kind of figured was the case because at one point during the boot-up process 
> I immediately started the "task manager" and noticed that the "tftp" process 
> was executing!  [and no, I couldn't kill it -- I tried]
>
> Tom
>
> (*) yes, it's a Windows system at work -- while I know worms are far more 
> likely to strike a Windows system, I'm pragmatic about the whole thing: it 
> does pay the bills quite nicely...
>
>   

-- 
---
"Knowledge is Power." -- Francis Bacon

Robert Leyva 
(Robert.Leyva at warnerbros.com)
Software Engineer
Warner Bros. Online
