[Gloucs] I-WORM/Opas.A

bjh gloucs at mailman.lug.org.uk
Tue Dec 31 10:33:00 2002


Hi Guy,

Your comments are right on the button - the interesting thing about this
little clever friend is that our systems have all the MS patches for Windows
98, the system running on the particular PCs that were networked, and our
Anti-virus system AVG provided by Grisoft was totally up to date (and on
each PC!), and our systems are set for autorun every morning without fail.

Every other virus attack we have had has been stopped at point of entry by
the AVG programme with no system damage at all, in fact we have previously
had other Anti-virus systems knocked out by virus attacks... As far as
Windows is concerned AVG is the only system that works and it is updated
against new virus strains at least once a week.

The problem with blocking Ports is that you appear to need Ports 137 to 139
for networking and that was the path of the worm attack...

The interesting thing is that since we activated ZoneAlarm Pro as the
Firewall, we have had attacks about every four seconds to Port 137 every
time we go online, which underlines how far this thing has spread, and the
repeat visits to our system by other infected systems based on the IP
address numbers originating the attacks...

Best wishes
Barrie

----- Original Message -----
From: "Guy Edwards" <guy_j_edwards@hotpop.com>
To: "MAILING LIST" <gloucs@mailman.lug.org.uk>
Sent: Tuesday, December 31, 2002 1:26 AM
Subject: Re: [Gloucs] I-WORM/Opas.A


> On Tue, 2002-12-31 at 01:04, jinxy@firenet.uk.com wrote:
> > Not wanting to sound like I know anything but you should be using a
> > firewall anyway and NAT as well if you are letting PCs on the internet.
> > Blocking all ports except the ones you need.
>
> (My knowledge of security runs about as far as installing Smoothwall but
> here goes anyhow...)
>
> But if it's attached to an email and then spreads on your internal
> network once inside then it's going to get past your firewall. I know
> there's a million ways to stop that (user education, email filtering,
> don't use outlook :-) etc), but there's lots of ways in that can get
> past a firewall. (Mark?) e.g. I seem to remember an article on The
> Register about how a PNG file could be altered to write to memory
> through a flaw in IE.
>
> Firewalls are great but I thought all the most abundant viruses were the
> ones that used the social engineering side of it the best, not the most
> technically complicated (e.g. exploiting flaws that have been known about
> for ages but most MS machines haven't been patched and are hence still
> vulnerable, and just use an interesting email subject line to get people
> to open the email).
>
> Out of interest, how many Linux users haven't applied all the security
> patches for their distributions? (I take it this is where the Debian
> users all look smug and mumble something about apt-get).
>
> > Has anyone done a talk on the firewall/NAT distros you can get and how to
> > set one up on a normal distro?
>
> Not as far as I know. Want to give it a go? I can bring along a box with
> Smoothwall and a laptop to network to it.
>
> Guy