#1
Rear Admiral Upper Half
Two new computer attacks are wreaking havoc with PC users this week, clogging email systems and overwhelming corporate networks. The first, which oddly enough seeks to undo the damage from the infamous MSBlaster worm, is a worm called W32.Welchia or W32/Nachi; it aggressively looks for new hosts that MSBlaster has infected, then downloads and installs the Microsoft patch that fixes the vulnerability. The second, SoBig.F and its variants, is a virus and is more malicious. This virus infects users through email, searches for email addresses on the users' systems, then sends itself through email messages to each of those email addresses.

W32.Welchia and SoBig.F would be bad enough on their own, but the combination of both is causing headaches for IT departments and end users around the world. W32.Welchia replicates using the same remote procedure call (RPC) vulnerability that MSBlaster used, and although it seeks to help users battle MSBlaster, it's faster, more aggressive, and better written than MSBlaster, so it's hogging bandwidth at many companies. Security experts say W32.Welchia hasn't affected the wider Internet, however.

The news isn't nearly as positive for SoBig.F and its variants. Thanks to its rapid replication process, this virus has already affected millions of users worldwide, dragging down email systems. SoBig.F doesn't just look in your address book for email addresses, either, as many previous viruses did. Instead, it also harvests email addresses from Web pages and other locations. Infected email messages include an attachment and subject lines such as "Re: Approved," "Your Details," and "Thank you!" Obviously, if you receive such an email message, you should delete it and not open the attachment.

As always, the advice is to keep your antivirus definitions up-to-date and consult with companies such as McAfee, Microsoft, and Symantec for the most recent security updates, virus-scanning applications, and other information.

#2
Rear Admiral Upper Half
RELIGIOUSLY!!

#3
What's Da Pho*?
Quote:

#4
Ensign
Join Date: Jul 2003
Posts: 47
FYI: LiveUpdate periodically checks for new updates from Symantec

#5
captain awesome
Join Date: Jan 2003
Posts: 7,054
I use McAfee :-/

#6
Rear Admiral Upper Half
Yet another reason I love my Mac.....
Joking aside, the number of infected computers out has been insane. I have had to bail out tons of people due to holes in their firewalls and lack of proper OS updates. It's been great for my company though, the virii are making us really busy.

#7
Old Skooler Numba 1
Quote:
Norton hasn't released an update since December for the Mac. I love my PC but from a sysadmin pov, Macs are dope.

#8
Rear Admiral Upper Half
Quote:
I don't even bother with Mac AV. I have yet to hear about a virus for OS X. I can't even name a Mac virus off the top of my head, but I could name over a dozen PC ones. I am not saying a virus for a Mac can't be done though. Until the threat is like that of a PC, I won't be worrying.

#9
Old Skooler Numba 1
Quote:
Well as you know, OSX is Unix based so there are vulnerabilities. However so far Mac seems to be exempt from the terrorists that love to take on MS software and OS's. I'm happy for that, but as a sysadmin who knows a thing or two about code, I know that it's just a matter of time before people start going after Mac.

#10
Rear Admiral Upper Half
I think we don't see too many Mac viruses since Macs account only for a very small percentage of the market, therefore, spreading them would be tough. I think we'd only see it if there was a universal virus that could affect every platform, OR if there was a way to spread it via iTunes.com which is only for Macs.
Bottom line, not many Mac viruses cuz not many Macs. /me runs from Ribitch.

#11
What's Da Pho*?
Not enough interest in Mac attacks, because why waste time on such a small market.

#12
Rear Admiral Upper Half
Actually, at Defcon, they talked about OS auditing and finding vulnerabilities. Anyways, during this lecture the dude talked about how many *nix based OS's shared much of the same code, therefore one vulnerability on one system usually existed between many variants of *nix.
With this being said, a virus could be written to exploit Linux while at the same time exploiting FreeBSD, NetBSD, OS X, and Solaris. When combined, these OS's account for a large percent of the server market as well as a large percentage of the overall computer market. Sure, it's not as large as Windows takes up as a whole, but a virus could do a ton of damage on the net or to the enterprise market. It's not really a "why attack such a small market" when that small market depends on many open-source apps that are run on several different OS's. These OS's are also patched more often than that of the typical Windows user. So by design and usage, Windows is the easiest of the OS's to exploit, as well as the most common OS that will not be patched to fix the vulnerability.

#13
Fleet Admiral
Quote:
Eh, I don't believe that. Only the admin will apply a patch, so your machine is only as secure as the admin makes it. In one of my past jobs, our UNIX systems were compromised twice while our Windows systems were never touched, simply because the UNIX admin never kept up with the patches. Doesn't matter what OS you run if you don't pay attention to the updates. The vast majority of systems out there are Windows, so that's the ones you hear about (esp. from the home users) when there are problems. Also, there are WAY more people interested in seeing Windows users suffer, so they keep cranking out the exploits. Focus these b*stards on any other platform, and you'll see the same security flaws on *NIX, Mac, Xbox, cell phone networks, whatever.

#14
Rear Admiral Upper Half
http://164.106.251.250/docs/netsec/d...-11-cesare.pdf
That's a PDF link to the Defcon11 presentation that I referenced. It was also presented at Blackhat this year. The entire Defcon11 CD is contained at that server if anyone is interested. I have no clue whose site it is, but it appears to be all there. There are some pretty good PDFs and utilities on it.

#15
Rear Admiral Upper Half

#16
Old Skooler Numba 1
Quote:
Macs are definitely not "bottom of the barrel" as that would imply their worth is less than those above it. I agree about the hardware being more expensive than most low-end PCs, but they are getting better. Consider the eMac which has a DVD burner, 17 inch monitor, 80 GB HD, ATi Radeon 4x AGP vid card all for $1300. That's not bad considering a good DVD burner on the PC will cost you a couple of hundred bucks. Software is not proprietary as it used to be either, as many of the big players are finally on board making software for the Mac. Bottom of the barrel would be more like "E-machines" or "Packard Bell".

#17
Rear Admiral Upper Half
With the advent of the Pentium 4 processor, high end video cards, and oodles of RAM, I don't even see an advantage for Macs with multimedia.
Quote: