It Soapbox Time
#1
http://www.microsoft.com/technet/security/...n/MS08-067.mspx

This is a really bad one, guys. I can't stress that enough. I mean, make sure that your work comp is patched / about to be patched, patch your boxen at home if you have less-than-savvy home users or not... patch it all.

This exploit is being used as a spambot / botnet framework already, a malware delivery system and it'll only get worse from there. Serious pants-around-the-ankles stuff. Remote control of your machine, deletion of critical / personal files remotely by a hijacker (or possibly held for ransom)... this is no joke, no false alarm.

Get to it. We've got a few decent I.T. guys here, so get asking with those questions if you have them!
Daily driver 1: 2007 Jeep Wrangler Unlimited Sport "S"

33" BFG Mud-Terrain KM2s, lots of Rough Country gear - bumper, 2.5" lift, swaybar disconnects, Superwinch 10,000lb winch, Detroit Locker in rear D44 axle, custom exhaust, K+N filtercharger, Superchips-tuned.

Daily driver 2: 2006 Subaru Legacy GT

COBB Stage 1+ package - AccessPort tuner, COBB intake and airbox. Stage 2 coming shortly - COBB 3" AT stainless DP and race cat, custom 3" Magnaflow-based exhaust and Stage 2 COBB tune.
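Added example, not from any poster in this thread: a PowerShell check that does what the post asks ("make sure it's patched") in a verifiable way rather than by eyeballing Windows Update. It assumes two facts that the thread itself does not state: Microsoft shipped the MS08-067 fix as hotfix KB958644 on every affected Windows version, and the vulnerable code is reached through the Server service over SMB (TCP 445/139), which is why the bulletin rates it wormable. The function and its name are my own.

```powershell
# Added example, not from the thread. Assumptions (facts not stated on the page):
# MS08-067 ships as hotfix KB958644, and the bug is hit via the Server service over
# SMB (TCP 445/139). Needs PowerShell 2.0+; run elevated so netstat/netsh report fully.

function Test-MS08067Patch {
    # Reports whether KB958644 is present on one or more machines (remote via WMI).
    param([string[]]$ComputerName = @($env:COMPUTERNAME))
    foreach ($c in $ComputerName) {
        $fix = Get-WmiObject Win32_QuickFixEngineering -ComputerName $c -ErrorAction SilentlyContinue |
               Where-Object { $_.HotFixID -eq 'KB958644' }
        $when = $null
        if ($fix) { $when = $fix.InstalledOn }
        New-Object PSObject -Property @{
            Computer  = $c
            Patched   = [bool]$fix
            Installed = $when
        }
    }
}

# 1. Local box first; add names to the list to sweep the office.
Test-MS08067Patch | Format-Table Computer, Patched, Installed -AutoSize

# 2. Exposure: an unpatched host that is listening on 445/139 and reachable from the
#    Internet (or from an infected machine on the same LAN) is exactly what the worm wants.
Get-Service LanmanServer | Select-Object Name, Status
netstat -an | Select-String 'TCP.*:(445|139) .*LISTENING'

# 3. Host firewall state. Vista/2008 syntax; on XP SP2/SP3 use: netsh firewall show state
netsh advfirewall show allprofiles state
```

Read the three outputs together: "Patched = False" plus LanmanServer running plus 445 LISTENING plus firewall off is the worst case, and a NAT router at the edge (the advice given later in this thread) only shields that box from the Internet side, not from an already-infected laptop that someone brings onto the LAN. Patch first, then worry about the rest.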
#2
Yep, I'm holding my ass now. It shut down my firewall and email scanner, then the ethernet drivers, and now it is attacking my onboard video. Thankfully I have an off-board video card, but dude, it sucks. Gotta wipe her out.
Currently - 2014 GMC Sierra 1500 SLE 4X4 Work Truck. Needs a Super Charger
2012 F150 Eco Boost Work Truck < Died several times and now it's some farmer problem.
No Longer Sleeping/In Surgery Having A Heart Transplant - 2005 Focus ZX5 Sonic Blue Modified
Sold - 1992 Astro Van CS Sky Blue Stock
Sold - 1994 Excel 2DR HB Teal First Car

#3
I'm so not even asking why you opened one of these emails... you should be able to pull the desktop HD, put it in an enclosure, scan for viruses, retrieve pics/documents, put back in desktop, format, reinstall.

Given the nature of the exploit and the types of malware making use of said exploit... personally, I'd format over doing a full repair of the Windows install.
#4
Hey Adam, have you heard if Exchange 2k7's filters kill it before it gets to the end user? Haven't seen any here in the office, so I'm keeping my fingers crossed...
Ryan and the Silver Sedan
++++++++++++++++++++++++
2008 Mazda5 GS/Copper Red Mica/2.3 MZR 5AT/22% Tint
2011 Ford F150 FX4 Supercrew/Race Red/3.5 TT EcoBoost
#5
Yeah, this one is a bad mofo. I've got my home box updated and patched as tight as I can, but I have no idea if our work machines have actually been taken care of (and the way our IT people in Toronto work, I'm guessing not <_<)

So as far as work is concerned, I'm just holding my breath waiting...

NefCanuck
#6
Hey Ryan,

It depends on your current treatment of UCE and the SCL threshold levels. Technically, it SHOULD... but you never know. We're Exchange 2003 Enterprise SP2 here... so we're a little different and VERY permissive on mail sent on to users (as per senior management).
#7
I know, I left my system open when connecting to my 360 and forgot to close it. I started to download a movie off of LimeWire and in the morning it was never the same again. Oh well, looks like I'm upgrading to Vista Ultimate. :D
#8
Vista = fail for me. My best bud and I put it on our computers, Ultimate as well; within 2 months mine crashed and within 2 weeks his crashed, lol, so I down-upgraded to XP, lol.
2007 ZX4 2.0l unnaturally aspirated
FSwerks stage 2 Turbo kit, Cosworth Intake Manifold, 3" custom HKS turbo back
regular stage 2 @ 10psi: 232whp/219wtq
stage 2 plus @ 13psi: 278whp/229wtq
Stage 2 plus @ 15psi: 296whp/240wtq

2013 Focus ST Tuxedo Black - The daily
#9
What in Bill's name is this? I'm running most-updated Symantec Endpoint Protection. Is this enough, or should I just shut the computer down and wait a few weeks until the internet is safe again?
#10
Just when you think they patched everything up in XP somebody finds another hole....

I think Vista is an even bigger disaster, and it's showing by the amount of people switching over to Macs or just ordering their PCs with XP.

When I upgraded from Tiger to Leopard I noticed a speed increase, but when I upgraded my sister's PC from XP to Vista I had to buy an extra gig of RAM and still the computer ran slow as s***.

I drive a 2010 Golf that growls at people when it goes over 3000rpm.
#11
hanserus, Oct 28 2008, 09:26 PM Wrote: What in Bill's name is this? I'm running most-updated Symantec Endpoint Protection. Is this enough, or should I just shut the computer down and wait a few weeks until the internet is safe again?

Windows Update, man. Do all your Windows Updates that are pending. And if you don't have a wired/wireless router at home between you and your ISP (Rogers, Bell, etc)... I seriously suggest that you go out and buy one. Some new Bell hardware may have an integrated router built into it. You might want to check any documentation you have on your ISP's hardware.

Questions here are always welcome - pics too if you don't know!

XP on my (now old) work Dell Latitude D820 with 4GB RAM and 100GB SATA 7200RPM drive: not bad, not as quick as you'd expect.

Vista Business SP1 64-bit on my new Dell Latitude E6400 with 4GB RAM and 160GB SATA 7200RPM drive: faster than I expected, still need to install more stuff, but WTF with the 14GB Windows folder???? :blink: It's probably all the install binaries from the Vista DVD, but still... ick.
#12
Your ISP's router may have its internal firewall disabled. I know mine from Bell does; it's retarded, but it's how they try upselling you to their A/V & spam protection.

NefCanuck
#13
Actually I don't have a router but will be buying one soon. Any suggestions? Is it worth getting cheap, expensive or mid-priced?
#14
NefCanuck, Oct 29 2008, 09:54 PM Wrote: Your ISP's router may have its internal firewall disabled. I know mine from Bell does; it's retarded, but it's how they try upselling you to their A/V & spam protection.

NefCanuck

If Bell tries telling you that their software is equal to or superior to a hardware-NATing router, they need to be told to f*** RIGHT OFF on the phone. It's harsh, but you know what? I'm tired of putting up with script-jockeys who want nothing more than their next bonus cheque - and they're just the exact opposite of "customer service". They don't give a s*** what happens to you.

I know a lot of ISPs hate it when you run hardware anything on their services (firewalls, routers, VoIP gateways, etc.) because in their little minds "it makes it harder to troubleshoot your connection". BS. They hate it because they can't snoop on you as easily and because they really don't give a rat's ass if you become part of a botnet or anything. This is why WebEx and GoToMyPC are out there - because LARGE, MEDIUM and SMALL ENTERPRISES are behind firewalls, protected, and they occasionally need assistance from remote parties. If they want to stop people from running third-party hardware routers/firewalls, supply them and LEAVE THEM TURNED ON. f***.

The only thing Bell has done right (or used to do right) is that they force you to use their SMTP servers and to authenticate using your POP/SMTP/IMAP account credentials. As far as I am concerned, nobody at home should be able to be an end-point SMTP server, able to send mail out blindly to anywhere on the Internet. This makes ISPs accountable for flooding the world with spam and forces them to cut off abusers instead of making us jump through hoops to get botnets decommissioned.

</end rant>

If anyone wants recommendations on Internet routers, let me know. There are also a few other I.T. guys here that I'm sure won't mind chiming in with their experiences as well.

hanserus - for what you would need as a home user, a simple D-Link wireless router would be effective.

http://www.staples.ca/ENG/Catalog/cat_sku....&affixedcode=WW

Going more expensive is good if you meet the following needs:

- If you buy a router with gigabit networking, do you have at least two PCs / laptops with gigabit network cards that would be moving massive amounts of data repeatedly between them? If not, you can buy something with 100 Mbit network ports in it (1 Gbit = 1000 Mbit). 100 Mbit will let you move several GB of data in a few minutes in most cases.

- Wireless N over Wireless G routers. If you're going to be pretty much wireless around your house (laptops and even desktops), then it doesn't hurt to try for the extra speed of Wireless N networking (802.11n). However, don't believe ALL the hype over it... just know that it will be faster than Wireless G most of the time. You'll also need to buy Wireless N adapters for at least each PC you want to network wirelessly, and possibly PC Card Wireless N cards for each laptop that doesn't have built-in 802.11n. Hope that makes sense. :)

Point of Interest - I backed up my laptop's first stage of files (WinRAR'ed archive) over WiFi 802.11G, 54Mbps link to my Linksys WAP, then over 100Mbps to my idling desktop. According to Windows Vista, my throughput averaged 2MB/sec on a brand-new Dell Latitude E6400 laptop with an Intel 5100-series WLAN network card and the latest drivers for it from Dell. So, WiFi is great for surfing and such, but backing up a few GB of data? Go for a coffee - literally.
#15
Bell sucks, period. Around 11 every night I had a maximum of 128KB internet use while I was paying for 6 GB. F'd that and went to Rogers; they cancelled Bell for me and hooked me up with the 6 GB from them, and I run a test and I always show 6745KB. Way faster, but enough of that. I restored my Vista to the beginning of the month and reinstalled AVG 8.0 Pro and ran all my cleaning programs. Everything is great. Vista Home Premium is the one I got; didn't like it at first, but after using it for a while it's really good. Acer E700 Quad Core Q6600, 6 GB RAM, 500GB 7400RPM, 8600GTS Nvidia, dual screen 22" :P :D
#16
NOS,

Believe me, I've had my fair share of run-ins with Bell's "support staff" (an oxymoron if there ever was one) and had to do end runs around the level one and two support to get my issues resolved when I proved to be smarter than they were <_<

Having said that, I always feel it's in the consumer's best interest to educate yourself and refuse to be spoon-fed whatever pablum a company tries to sell you. My box at home is locked down enough so that as long as I use a modicum of common sense, I'm safe from the nasty crap floating around out there :P

NefCanuck