W32.Blaster.Worm

By Joseph Moore
So, what have you experienced with this one? Has anyone had any hits in their corporate environment? Personally, I spoke to 5 people today (Tuesday) who were hit with it the previous night.

And it is difficult to admit this, but even my home computer (the one my wife uses that I don't keep patched, locked down or firewalled, since she doesn't like me to mess with her computer!) was hit after being online for 2 MINUTES Monday night!

Damn, this one is fast. Not SQLSlammer fast, but fast enough. An article I read today said that Symantec is estimating the entire IPv4 address space is being scanned every 25 minutes by infected machines.

Every 25 minutes.

Just think about that for a moment.

Again, this is not SQLSlammer rate of infection (which was the whole IPv4 address space in just a few minutes) or CodeRed rate (8 minutes, as I remember), but this one is more dangerous. Slammer could only infect SQL Servers; CodeRed could only infect IIS-running boxes. Blaster can hit ALL WINDOWS MACHINES, from user workstations, to IIS servers, to SQL Servers. So it is running slower, but the impact is so much larger.

Therefore, what are your thoughts and experiences with this one? What have you had to deal with in regards to Blaster over the past couple of days?

This conversation is currently closed to new comments.

40 total posts (Page 1 of 4)

All Comments

by Joseph Moore In reply to W32.Blaster.Worm

I have the points, so what the heck, eh?

by 1stladytech In reply to W32.Blaster.Worm

I run an independent shop, and we have about 20 machines in here right now with the worm. I have spoken to customers that have had entire bank intranets taken down by this worm. We probably got about 200 calls today about this worm and how to protect or recover from it. At least in our customer base, the first infections that we got calls on were at about 10am CST on Tues. We are working overtime to get the machines cleaned up and patched so they don't get infected again. Such fun we are having now.

Vickie

by dmiles In reply to W32.Blaster.Worm

Experienced it hitting the corporate environment of a hotel network setup. The computers kept giving an RPC error message, then they would shut down and reboot. It happened the night before and it was back this morning. After updating the system with the RPC patch, it was possible to get the network up and running.
Considering that it moves so fast, especially affecting computers on a DSL or network connection, it is puzzling how it is able to get past the firewall, yet it does not create any replication or attach itself to any system programs.
One word: scary.

by fred07 In reply to W32.Blaster.Worm

Hi,
Just this evening received an email from a LARGE corporate entity that carried the worm in an email forwarding attachment being sent in groups of 6.
I just called their IT security and informed them about it.
Seems they knew about it this morning, before noon anyway and are doing the corrective measures.
What they do not understand is how it got past their firewalls and security as they are neighbors of M$.
And I do mean next door literally.
More as I am kept posted by their security.
fred

by fred07 In reply to

Update: the next-door neighbor is now safe due to the Symantec fix. They had not installed the patch, nor had a few of M$.
Go figure.
fred

by crobinson In reply to W32.Blaster.Worm

So far we have been very lucky and NOT been hit, mainly due to the way our network is set up. I know one of our users got hit at home, and another user reported that at her husband's office everyone got sent home yesterday (Tuesday) because they couldn't get any work done.

We are deploying patches today so that hopefully we can continue to avoid the problem. We hadn't thought until last week about our VPN users, which could provide a back door into the network for the worm. We've warned the VPN users to make sure their machines are patched.
