[SGVLUG] ack -- finally got "wormed" at work
Robert Leyva
Robert.Leyva at warnerbros.com
Tue Aug 16 18:32:16 PDT 2005
Try downloading and installing ClamWin (clamwin.com)?
Me
Tom Emerson wrote:
> Well, it finally happened -- or rather, I should say, "it finally happened TO
> ME" -- but the computer I use at work(*) fell victim to a worm. Now, I pride
> myself on being pretty good about not opening "suspicious" stuff, and I don't
> have any qualms about leaving the system "on" overnight on Tuesday nights so
> the admins can mass-update the company's computers, but it looks like this
> was one not even my "best practices" could avoid. (see below)
>
> From the looks of it, "zotob" has struck, and used a known-for-a-week-now
> security hole in MS's plug-n-play subsystem. Unfortunately, I had to come
> home to use my Linux system to find out about it -- my computer was "forcibly
> shutting down" within a minute after logging in. (tried to open a browser to
> check www.cert.org, but couldn't connect before the system rebooted...)
>
> This article in InformationWeek points out that it uses anonymous access,
> thus giving me a little sense of relief in that I didn't "do anything" to
> enable it to attack my computer (such as open an e-mail or browse to an
> infected site)
>
> http://informationweek.com/story/showArticle.jhtml?articleID=168602115
>
> The article mentioned that once infected, it uses ftp to propagate, which I
> kind of figured was the case because at one point during the boot-up process
> I immediately started the "task manager" and noticed that the "tftp" process
> was executing! [and no, I couldn't kill it -- I tried]
>
> Tom
>
> (*) yes, it's a Windows system at work -- while I know worms are far more
> likely to strike a Windows system, I'm pragmatic about the whole thing: it
> does pay the bills quite nicely...
>
>
--
---
"Knowledge is Power." -- Francis Bacon
Robert Leyva
(Robert.Leyva at warnerbros.com)
Software Engineer
Warner Bros. Online