CNN hit by worm

By hagjohn
in Back Page News

 Share

Recommended Posts

Grand Master

Veedems Veteran

Posted
  • Veteran
Posted
Apparently they will eventually suffer the dire consequences of not listening to Microsoft. :rolleyes:  :sleep:

586387456[/snapback]

Listening to Microsoft? MS isn't forcing them to upgrade as the OS is still supported. The patch was released about a week ago so it's simply the fault of them not installing the patch and has nothing to do with them not upgrading to XP.

Mentor

randy_tho

Posted
Posted

I believe this one was another self propogating worm. Looks at like 3 different ports and can install itself from another infected machine. It sets up an ftp server and randomly looks for open hosts on a subnet of 255.255.0.0. As an example, if the host is 10.1.1.5 it randomly looks at 10.1.1.6 or 10.1.3.4. It generates the last two octets. So it sounds as if a firewall/ or machine firewalls are setup properly this would have no effect.

Yeah read the above sarc link. :) Thats a different variant than what I read about earlier. I was looking at a and b.

It will propogate on all windows systems but only has a payload on 2000/XP.

Mentor

amr_01

Posted
Posted
ABC news just complained about it. Has this patch been on Windows Update?

Does this effect Windows XP or not?

http://securityresponse.symantec.com/avcen...32.zotob.d.html

586387502[/snapback]

it affects xp if they were not patched, unless they have sp2.

Mentor

crazihouse

Posted
Posted

They were recently showing footage of inside CNN HQ of employee's computers, showing the windows startup and continuous shutdown dialogues and the employees getting mad. Hilarious!

"Microsoft has said that this worm is 'low impact'... I'm not sure what that's supposed to mean. *sarcastic " -Paula Zahn

Grand Master

hagjohn

Posted
  • Author
Posted
Incorrect.? This worm does not affect XP at all.

586387662[/snapback]

W32.Zotob.E> is a worm that opens a back door and exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039) on TCP port 445.

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

WORM_RBOT.CBQ> This memory-resident worm drops a copy of itself in the Windows system folder as the file WINTBP.EXE.

It takes advantage of the Microsoft Windows Plug and Play vulnerability to propagate across networks. For more information regarding this vulnerability, refer to the following Microsoft Web page:

Systems Affected: Windows 98, ME, NT, 2000, XP

Grand Master

.Kompressor

Posted
Posted

:laugh: CNN, ABC, Catepillar co., New York Times, all affected...

I hope no one is using windows for life support... :rolleyes: and that their hospital admin have not put the critical computers on the network with other machines with internet access. That would suck!

Mentor

Jeremy1

Posted
Posted
Systems Affected:  Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

586387686[/snapback]

They're wrong. The vulnerability exists in XP and 2003, but those OSes do not allow anonymous remote access to the service, so the worm can't do it's work.

Enthusiast

Sota

Posted
Posted

I was under the impression it only affected XP Service Pack 1, Windows 2000, and Windows 98. XP Service Pack 2 would not be affected.

That is quite funny though CNN uses Trend and Trend was the one notifying of the PC community of the problem. Way to stay on top of the ball CNN :p

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Politically funny images of the World

      By PsYcHoKiLLa · Posted

    • Browser vendors pen open letter to Microsoft saying "enough is enough"

      By matthiew · Posted

      Google are hyprocrites for signing this. They have been pulling the same dirty tactics as Microsoft, only they do it on Android and ChromeOS.
    • Browser vendors pen open letter to Microsoft saying "enough is enough"

      By matthiew · Posted

      In some countries the law has forced Microsoft to display a menu on a fresh install of Windows which asks which web browser you want and it will install that browser. This doesn't add any bloat to Windows. It simply an additional step when setting up a new PC.
    • Browser vendors pen open letter to Microsoft saying "enough is enough"

      By matthiew · Posted

      Chrome is also a first party browser on Android and ChromeOS. And on those systems, Google is pulling the same dirty tactics as Microsoft does on Windows.
    • Unofficial script lets you install unreleased Windows 11 features without Microsoft Account

      By hellowalkman · Posted

      Unofficial script lets you install unreleased Windows 11 features without Microsoft Account by Sayan Sen Microsoft has been steadily evolving the Windows Insider Program over the years, introducing new channels and testing paths that allow enthusiasts to experience upcoming and yet-to-be-released Windows features (some interesting hidden ones too) before they reach the public. However, one long-standing requirement has remained largely unchanged as users are generally expected to enroll in the Program and with a Microsoft account. That's where a third-party tool called "OfflineInsiderEnroll" can help. OfflineInsiderEnroll is said to be a lightweight script that enables access to Windows Insider Program builds on systems that are not signed in with a Microsoft account. Essentially the tool configures the necessary Insider settings locally and hence allows users to select and switch between available preview channels while continuing to receive builds through the normal Windows Update channel. If you are wondering how it manages to do so, it is made possible by a Registry value known as TestFlags. When configured to"0x20", Windows stops communicating with Microsoft's online Insider enrollment services thus preventing locally configured Insider settings from being overwritten. This allows the script to apply its own channel configuration directly through the Registry as Windows Update does not verify whether a device has been officially enrolled in the Insider Program or not. Previously the utility has had already supported the traditional Insider branches including Dev, Beta, and Release Preview. However following Microsoft’s recent restructuring of its preview channels, the script has now been updated. The latest OfflineInsiderEnroll version, 2.6.6, adds support for the newly introduced Insider channel lineup. As such, users can now choose from several Experimental channels in addition to Beta and Release Preview options. The update also retains tools for refreshing the Insider cache, resetting Insider settings, and completely stopping Insider enrollment when needed. Keep in mind though that will need elevated privileges when running the script (run as Admin). You can get the latest version of OfflineInsiderEnroll from this page on its official GitHub repo.

  • Recent Achievements

    • Week One Done
      Dr Jared Dental Studio earned a badge
      Week One Done
    • Week One Done
      RG INVESTMENT GROUP earned a badge
      Week One Done
    • Very Popular
      The Norwegian Drone Pilot earned a badge
      Very Popular
    • Very Popular
      s0nic69 earned a badge
      Very Popular
    • Collaborator
      Asgardi earned a badge
      Collaborator

  • Popular Contributors

    1. 1
      +primortal
      472
    2. 2
      PsYcHoKiLLa
      250
    3. 3
      Skyfrog
      79
    4. 4
      FloatingFatMan
      67
    5. 5
      Michael Scrip
      60
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!