Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_bbcode.php on line 2962
Funky Worm
Results 1 to 5 of 5

Thread: Funky Worm

  1. #1
    Senior Member
    Join Date
    Apr 2004
    Location
    Indiana?... We named the dog Indiana!
    Posts
    488

    Funky Worm

    Ok, so... I sat for about 5 hours at work today, doing nothing. Evidently, our network got hit by one of them there Windows network worms and those of us who were affected by it (the ones using Win2k, as it were) kept getting our workstations rebooted every 5 minutes :evil: . The intranet and the mail server were down also... Talk about a mess for over 1200 employees.

    My quesion is... How would an admin, or a group of them, go about stopping one of these? This thing propagated itself all the way out to (at least) one of our assembly plants in OH. Other than shutting down the network and cleaning out all the workstations; how would could you fix the effects of this type of virus? Would you just set some worm-sniffing software on it, or what? Somehow, I know it can't be as simple as that though...
    Steve

  2. #2
    Senior Member comtux's Avatar
    Join Date
    Sep 2004
    Location
    Wilkes Barre Pa
    Posts
    342
    What does your network look like.

    1. How many windows workstations?
    2. How many windows servers?
    3. How many unix/linux workstations?
    4. How many unix/linux servers?
    5. How many and what brand of routers, switches, hubs?
    6. Do you have recent backups of all systems?
    7. Were all computers affected or select few?
    8. Can provide a graphical layout of the network?

    If you can answer some or most of these questions ill be able to tell you how to start the cleanup process.
    Wenn Sie Spaß meines Englisch mich Willensfuckingtötung Sie bilden.

  3. #3
    Advisor beezlebubsbum's Avatar
    Join Date
    May 2004
    Location
    Australia
    Posts
    735
    The best way would be to make sure everyone is using Linux. Windows is shit, plain and simple! I suppose the worm must have entered the network via an email attachment, or via a download that a company would not permit. My recommendation is to scan all email entering the company before they arrive to the client, thus eliminating the spread of the worm from within the network.
    My Website: http://ttgale.com
    My Website Uptime: http://img.uptimeprj.com/holastickbo...dee9bae2e2.png
    My Server Specs: AMD Athlon X2 3800+, 2gb DDR2 RAM, 1.5TB HDD, Ubuntu 9.10
    My Gaming PC: Intel Core 2 Duo 2.93ghz, 4gb DDR2 RAM, 9800GTX+

  4. #4
    Senior Member
    Join Date
    Apr 2004
    Location
    Indiana?... We named the dog Indiana!
    Posts
    488
    Thanks for the replies...

    Quote Originally Posted by comtux
    What does your network look like.

    1. How many windows workstations?
    2. How many windows servers?
    3. How many unix/linux workstations?
    4. How many unix/linux servers?
    5. How many and what brand of routers, switches, hubs?
    6. Do you have recent backups of all systems?
    7. Were all computers affected or select few?
    8. Can provide a graphical layout of the network?

    If you can answer some or most of these questions ill be able to tell you how to start the cleanup process.
    Well... I'm just a CAD designer who is using this system. My sys admin experience only extends to my Linux boxes at home (and that's just a hobby). I do feel sorry for the poor bastard(s) who have to clean this mess up, or who may have been careless enough to have it happen in the first place.

    In short; I can only estimate that there were at lease 1200 workstations affected by the worm (all Windows 2k, though there are some XP W/S's but they didn't seem to be affected by today's events). Don't know how many servers, total. No idea of the networking hardware (hubs and routers and such... They just don't tell us users about stuff like that). No idea of a "diagram" for the WAN/LAN layout, but if the assembly plant(s) were involved, then it should give you some idea of the scale of it.

    Quote Originally Posted by beezlebubsbum
    The best way would be to make sure everyone is using Linux. Windows is shit, plain and simple! I suppose the worm must have entered the network via an email attachment, or via a download that a company would not permit. My recommendation is to scan all email entering the company before they arrive to the client, thus eliminating the spread of the worm from within the network.
    I agree beez... I have no power/say-so, what so ever as to how things are set up in this place. I do know that they do system maintanence during the day, when we're trying to get work done :roll: . If that ain't assinine, I don't know what is. This was a bomb that's been ticking for a while, I think. I'd be very surprised if the system is fully up and at 'em tomorrow though.
    Steve

  5. #5
    Senior Member comtux's Avatar
    Join Date
    Sep 2004
    Location
    Wilkes Barre Pa
    Posts
    342
    Right now at your work snct you have about 40 techs hideing under the table and wimpering i do also feel sorry for them all i have to say is they should ahve been useing Linux/Unix/Mac and dumped windows i have seen
    intire corps go out of buisness to to the affects of a wide spread virus or worm infection.
    Wenn Sie Spaß meines Englisch mich Willensfuckingtötung Sie bilden.

Similar Threads

  1. MSN Messenger hit by double-whammy worm
    By genesis in forum Windows - General Topics
    Replies: 28
    Last Post: 02-06-2005, 03:34 PM
  2. Teen gets 18 months in prison for worm
    By genesis in forum Windows - General Topics
    Replies: 15
    Last Post: 01-31-2005, 11:18 PM
  3. SQL Worm
    By mmiller9 in forum Linux - Software, Applications & Programming
    Replies: 11
    Last Post: 01-28-2003, 03:17 AM
  4. First Worm with a EULA?
    By trickster in forum General Chat
    Replies: 0
    Last Post: 10-25-2002, 08:05 PM
  5. Apache worm..
    By imported_camelrider in forum Linux - Hardware, Networking & Security
    Replies: 2
    Last Post: 07-02-2002, 06:41 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •