Well think of other avenues of attack, VPN, Dial-up unpatches systems being
connected to your systems by vendors, just many many ways around the fun
"firewall will protect us from everything"
-----Original Message-----
From: Meni Milstein [mailto:meni (at) menimilstein (dot) com [email concealed]]
Sent: Monday, August 15, 2005 2:00 PM
To: 'Mike'
Cc: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: RE: Virus Outbreak Attacking MS05-039
As far as I know, if you are firewalled correctly and have your 445 tcp port
shut to the outside - this thing should NOT be able to get in.
Am I wrong?
Meni Milstein.
http://www.lcs-guides.com
-----Original Message-----
From: Mike [mailto:mjcarter (at) ihug.co (dot) nz [email concealed]]
Sent: Monday, August 15, 2005 3:41 PM
To: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: Virus Outbreak Attacking MS05-039
Hi List,
Yesterday one of my customers was hit hard by what appears to be a variant
of zotob.
http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.b.html
This one was very (noisy) crashing services.exe and forcing re-boots on
unpatched WIN2K machines. The boxes we've had a chance to look at were not
infected, but were unpatched. We hope to have samples today from the same
network and have a closer look.
It's time to get patching!
Regards
Mike
Mike
Information Security and Logistics
www.infosec.co.nz
connected to your systems by vendors, just many many ways around the fun
"firewall will protect us from everything"
Z
Edward Ziots
Network Engineer
Windows/Citrix Administrator
Lifespan Organization
MCSE,MCSA,MCP+I,M.E,CCA, Security +, Network +
eziots (at) lifespan (dot) org [email concealed]
401-639-3505 (Cell)
401-444-6926 (Office)
401-350-5284 (Pager)
-----Original Message-----
From: Meni Milstein [mailto:meni (at) menimilstein (dot) com [email concealed]]
Sent: Monday, August 15, 2005 2:00 PM
To: 'Mike'
Cc: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: RE: Virus Outbreak Attacking MS05-039
As far as I know, if you are firewalled correctly and have your 445 tcp port
shut to the outside - this thing should NOT be able to get in.
Am I wrong?
Meni Milstein.
http://www.lcs-guides.com
-----Original Message-----
From: Mike [mailto:mjcarter (at) ihug.co (dot) nz [email concealed]]
Sent: Monday, August 15, 2005 3:41 PM
To: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: Virus Outbreak Attacking MS05-039
Hi List,
Yesterday one of my customers was hit hard by what appears to be a variant
of zotob.
http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.b.html
This one was very (noisy) crashing services.exe and forcing re-boots on
unpatched WIN2K machines. The boxes we've had a chance to look at were not
infected, but were unpatched. We hope to have samples today from the same
network and have a closer look.
It's time to get patching!
Regards
Mike
Mike
Information Security and Logistics
www.infosec.co.nz
[ reply ]