what happend to msbalster? — Community Waffle — All About Symbian Forum Archive

Ismail 17 Aug 2003, 06:14

does anyone have any info?

GhostDog 17 Aug 2003, 15:05

What do you mean by that?Its was a stupid exploit,it got patched.

LAuRA 17 Aug 2003, 16:15

Here it was told that 5.000 to 10.000 computers were infected with the worm in Finland, but the damage it was intended to cause remained minor. Microsoft disconnected the server, against which the attack was desinged, from the web and removed it's name from domain name systems. And since the target was no longer there, the extra traffic did not cause the intended catastrophy.

See this article http://www.f-secure.fi/news/items/news_2003081700.shtml for more details.

Jadeviper 17 Aug 2003, 19:41

it didn't bother us, we still use Win98 and it didn't work in that.

willbrady 18 Aug 2003, 16:27

Makes you wonder...
If the MS security hole allows an .exe to be dropped onto the victims machine and ran - why don't Microsoft just scan our machines for the vunrability and drop us the .exe to fix the hole and run the patch!!

😊

Save us all a lot of grief!

yourmanlee 19 Aug 2003, 09:28

I'm running XP at home (in the UK) and managed to pick up the bug. It even got through my virusscanning software the little bugger. I read somewhere though that there's a free prog from www.grisoft.com that can sort it, and it did for me, thankfully.
But now, worm gone, firewall up, hopefully no more frigging about, but it's a nasty little bugger i tells ya!

Lee

Orophin Anwarunya 20 Aug 2003, 22:01

Symantec Anti-Virus and Sygate Personal firewall.....talk about the "Two Towers"!!! 8)
I didnt even feel the blasted little bugger, but my university computers where just dropping like flies. 😃

LAuRA 22 Aug 2003, 19:14

And now it's been followed by Sobig-F :-?
I've received several e-mails with this virus, but fortunately my mail-provider (university) has been alert and deleted the attached files each time before they even reach my pc. Sobig is about to launch it's attack tonight so we'll see what it does :x

See http://www.f-secure.com/news/items/news_2003082200.shtml for details.

Jadeviper 22 Aug 2003, 21:18

I had one of them sent to my Hotmail today, but at least that doesn't let viruses through so i was able to delete it safely.

Fun fun fun

LAuRA 23 Aug 2003, 07:51

For the past week I've been following the virus news more closely than before, probably the rest of you have done it too. It's an amazing race between hackers and security experts. Like last night, it was creepy to read online the updates on how things with the Sobig-infected servers developed...

-----
Update on 16:00 UTC
F-Secure can confirm that 18 of the 20 master servers are currently down or unreachable.

Update on 17:00 UTC
F-Secure can confirm that 17 of the 20 master servers are currently down. Apparently one of the machines was not disconnected by an ISP and has been booted up by its owner.
We're working together with CERTs, FBI and Microsoft to stop the last three.

Update on 18 UTC
F-Secure can confirm that ALL the master server machines are currently down or unreachable. One of them seems to still respond to PING but not to 8998 UDP.
We have one hour to go to see if this really is the case.

Update on 18:20 UTC
Unfortunately one server is up right now after all. And one might be enough for the attack to start succesfully.

Update on 19:00 UTC
When deadline for the attack was passed, one machine was still (somewhat) up. However, immediately after the deadline, this machine (located in the USA) was totally swamped under network traffic.
We've tried connecting to it, just like the virus does. We do this from three different sensors from three different machines in three different countries. We haven't been able to connect to it once. If we can't connect, neither can the viruses.
So the attack failed.
We'll keep monitoring until 22:00 UTC. If we're not able to connect once, we can safely say that the attack was prevented.

Update on 19:50 UTC
Still not a single connection from any of our sensors to any of the servers.

Update on 21:30 UTC
Situation is still the same. Things look good.

Update on 22:00 UTC
The official attack time on Friday has ended. All 20 machines were inaccessible throughout the attack.
Now we are investigating random UDP traffic that has been seen in the net, possibly relating to the worm.

-----
The above taken from http://www.f-secure.com/v-descs/sobig_f.shtml Next attack attempt will be on sunday.

GhostDog 23 Aug 2003, 10:47

I know exactly what you mean!!I was pretty fascinated by that article too.Like it says in the article,i don't think this version of Sobig is made by some kid virus coder.Sunday will be a lot of fun 😃

Orophin Anwarunya 24 Aug 2003, 23:39

gah!! its just annoying, cos' these "hackers" are cripling the very medium that enables their "work" .......idiots!!
anyways, it inevitable that servers, networks and such would slow down due to the influx of these emails........but it need not affect the individual....its the age old warning that even I remember drilling into my students heads "DO NOT OPEN UNSOLICITED EMAIL....HOWEVER ENTICING AND PROMISING IT MIGHT SEEM!!!"........amongst other things.

dont fret folks, it will pass and the net will come out the better for it.....long live the "digital super-highway"