virus/worms killing a network...
alan at clueserver.org
Sun Aug 1 06:47:17 UTC 2004
On Sat, 31 Jul 2004, Jeff Vian wrote:
> On Sat, 2004-07-31 at 16:14, Mike Klinke wrote:
> > On Saturday 31 July 2004 15:56, Jeff Vian wrote:
> > > > Assuming that your FC2 box is also acting as a firewall I'm
> > > > curious as to how your network machines are getting infected. If
> > > > you're not running a firewall you may strongly want to consider
> > > > one.
> > > >
> > > > Regards, Mike Klinke
> > >
> > > Simple answer --
> > > 1) Uneducated users who open everything they get in the mail or by
> > > instant messaging.
> > > 2) No virus protection software loaded/not updated.
> > >
> > > The firewall would not block mail, and clueless users are the most
> > > dangerous thing on any network.
> > If my memory serves me the msblaster worm spread primarily by way of
> > the MS bug addressed by:
> > http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx
> That is the one he said was primary. However, he did say others viruses
> were in the mix as well. And once it opened the back door from the
> first machine it could then possibly provide access to outsiders to the
> entire network.
The people who are the biggest risk are sometimes the hardest to train.
I have encountered this many times before.
There are a couple of possible problems/causes here.
You have the users who are unwilling/unable to learn how to use, or
discipline themselves enough, to use anti-virus tools and keep them up to
date. There are anti-virus tools out there that are pretty heavy handed
that deal with these sort of problems. They cost money and admin time.
They also require buy-in from management.
There are also people (usually managers and/or sales people) who feel that
the rules do not apply to them. Those are the ones that turn off the
virus protection because it got in the way or don't want to be bothered by
Another problem are people who have laptops that are used at home and at
work. They tend to be a vector for all sorts of things that slip past any
firewall checking. (Especially since these machines tend to be used for
surfing the web and who knows what else at home.)
> > but you're right that there was a e-mail vector as well. The other
> > person needs to answer my question above before assuming it's only
> > due to "stupid users."
> I agree that an answer to how the first infection got thru the firewall
> (and if he has one) is the real issue here. Once the first one was
> infected the rest are vulnerable because the source is inside any
> firewall he had.
Some people just have not figured it out yet. I am still amazed by
supposed "computer savy" people who get bit by spyware because they did
not know that Kazaa would infect their system or that e-mail addresses can
What is worse are the people who refuse to learn. Those I have no
sympathy for. (And there are a lot of them...)
More information about the users