CODE BLUE - Brooks is kaput

This could explain why Lucianne is 99% inaccessible today.

-- Anonymous, September 18, 2001

Answers

Brooks our member? what do you mean code blue? Is she hurt, sick?

-- Anonymous, September 18, 2001

See this thread at TB2k about a worm attack that is behaving like a DOS attack. Bet that is what OG is talking about.

http://www.timebomb2000.com/vb/showthread.php?s=&threadid=7270

-- Anonymous, September 18, 2001


Internet virus, you twit!

-- Anonymous, September 18, 2001

Well... I'm wondering where this one is coming from.... There are sure some sick bastards out there if someone that is within the USA started this.

(Haven't been able to pull up the link above, due to this worm/virus also doing DOS attacks on system. It is like getting a root canal just to get one simple page to come up, let alone a board like Dennis's)

Anyway, here is the e-mail that we got from one of our many anti-virus suppliers at work today. [Oh btw, I'm stuck at home sucking out air vents again today. 3-5" of rain from after midnight to 5am and it looks like it is about to pour again]

> -----Original Message-----
> From: Weaver, Nikki
> Sent: Tuesday, September 18, 2001 9:05 AM
> To: #McAfee SLGE Central
> Subject: new virus alert!!!
> Importance: High
>
> Please be aware that there is a new virus that is breaking out. It
> is called NIMDA or if you spell this backwards its ADMIN. All Groupshield
> users please use Outbreak Mgr or content filtering to
> block........................admin.ell or readme.exe......please use your
> filtering......
> It causes Dr. Watson errors and is very similar to a Code Red. Stay
> tuned........
> visit the www.avertlabs.com web site. It hit at 0908 same time of WTC
> attack.
>
>
> Todd Swope

-- Anonymous, September 18, 2001


Sorry about the above formatting folks.... Didn't come across exactly the way I wanted it to, but you get the idea.

-- Anonymous, September 18, 2001


Whew! Home and back on the 'net! Nimda which may or may not be the same as Code Blue or a new and improved Code Blue.

Bad enough that it was almost entirely impossible to get on the 'net, but incoming/outgoing e-mails were tending not to get through (or ages later) and our printer communication system was a joke.

I felt really good when I was able to pass some information, from Timebomb and one of our forum participants, on to our IS folks. They had suspected they were taking the wrong tack, but they couldn't get on the 'net to research it.

Really, really nasty. Surprised I haven't heard anything on the news about it.

-- Anonymous, September 18, 2001


And the Internet traffic report site...

http://www.internettrafficreport.com/cgi-bin/tr_chartpage.pl?NorthAmerica

...tells an interesting story as well. It happened quite suddenly.

-- Anonymous, September 18, 2001


Well, what would Ashcroft know about it. Might not have been OBL, but the timing looks pretty suspicious to me...

http://digitalmass.boston.com/news/2001/09/18/nimda.html

FBI investigating new Internet worm, thousands of computers targeted

By D. Ian Hopper, Associated Press, 09/18/01

WASHINGTON -- Anti-virus researchers were fighting a new Internet attacker Tuesday similar to the "Code Red" worm that infected hundreds of thousands of computers several months ago. The worm, known as "W32.Nimda," had affected "thousands, possibly tens of thousands" of targets by midday Tuesday, according to Vincent Gullotto, head virus fighter at McAfee.com, a software company.

(Last week, the FBI warned that there could be an increase in hacking incidents after the terrorist attacks in New York and Washington.

However Attorney General John Ashcroft said today there is no evidence of any connection, Reuters reported.

Ashcroft said the new Internet infection, which spells admin backwards, may have started as early as Monday and that it affected computers worldwide by overloading traffic on the Internet.

"There is no evidence at this time which links this infection to the terrorist attacks of last week," Ashcroft told a news briefing.

He said the latest computer worm could be "heavier" than the Code Red worm that caused an estimated $2.4 billion in estimated clean-up costs on Internet-linked computers last month.

With Nimda, affected computers scan the Internet in search of other computers and this substantially expands traffic load on the Internet, said Ashcroft. He added that anti-virus companies had provided the necessary files needed to counter this latest threat.)

Even when the attack isn't successful, the worm's scanning process can slow down the Internet for many users and can have the effect of knocking Web sites or entire company networks offline.

The FBI is investigating the worm, said spokeswoman Debbie Weierman. The agency has not indicated whether the worm is connected to last week's terrorism attacks.

On security e-mail lists, system administrators nationwide reported unprecedented activity related to the worm, which tries to break into Microsoft's Internet Information Services software. That software was the same targeted by Code Red, and is typically found on computers running Microsoft Windows NT or 2000.

Most home users, including those running Windows 95, 98 or ME, are not affected, according to the Associated Press.

(However Reuters is reporting that Nimda also appears able to infect Web sites, so when a user visits a compromised Website, their Web browser -- if it hasn't been patched -- can infect the PC.)

Ken Van Wyk, chief technology officer at ParaProtect, said the worm tries to wriggle in through 16 known vulnerabilities in Microsoft's IIS, including the security hole left in some computers by the "Code Red II" worm, which followed Code Red in August.

Code Red, by comparison, attacked through only one hole, which could be patched by downloading a program from Microsoft's Web site.

"It's causing enormous pain because it is at least an order of magnitude more aggressive than Code Red," said Alan Paller, director of research at the nonprofit Sans Institute. "It's a pretty vigorous attacker."

In addition to direct Internet attacks, the worm can also travel via e-mail. The e-mail message is typically blank, and contains an attachment called "README.EXE." Antivirus experts warn that users shouldn't open unexpected attachments.

Efforts to isolate and track the worm were hampered by the swiftness of the attack. Gullotto said the first report came at about 9 a.m. EDT, from a site in Norway.

"It's taken down entire sites," Gullotto said. "I can't even get to the Internet right now."

On Monday, the FBI's National Infrastructure Protection Center warned that a hacker group called the "Dispatchers" said they would attack "communications and finance infrastructures" on or about Tuesday.

"There is the opportunity for significant collateral damage to any computer network and telecommunications infrastructure that does not have current countermeasures in place," officials said in a warning on the NIPC Web site.

(Material from Reuters was also used in this report.)

-- Anonymous, September 18, 2001


Dan's work got hit today..totally down..in AKRON

Have the game on, in the 4th inner they did a crawler saying the FBI is investigating this new Code Blue virus W32.nimda....

-- Anonymous, September 18, 2001


So this is why TB2K is down this morning? Been trying to get on since 8 a.m. EDT with no luck. Thought perhaps Dennis's back-up project had backfired. Is the alternate board up?

-- Anonymous, September 19, 2001


We were crippled at work again today. Patch is supposed to arrive tonight. I left a candy bar for whichever staff works on my machine at midnight.

-- Anonymous, September 19, 2001

LOL! A candy bar! I love it!

-- Anonymous, September 19, 2001

Yes, we have virus problems on the higher ed networks around here, too. I got drafted to run hard drive scans today on a bunch of PCs, and then I had to come home and mess with my computer. Fortunately, the Norton Anti-Virus grabbed the virus right away and things are working fine in my home office. I'm setting up a second computer that won't be connected to the net. I need to have one working computer throughout this week. This is the first computer virus I've had at home.

-- Anonymous, September 19, 2001

Git, I would have left some carrots for the reindeer, too, if I had any with me.

BTW, the internettrafficreport.com is currently saying everyone is at zero, which clearly is not the case. But sometimes the numbers are credible enough to be fascinating.

-- Anonymous, September 19, 2001


anyone know if the virus can get past zone alarm?

I haven't seen it on my systems, but one is acting up a bit.

-- Anonymous, September 19, 2001



Still kaput. Santa never showed up last night, so I ate the candybar this morning.

-- Anonymous, September 20, 2001

3 1/2 business days later, our system is finally declared to be fully functional (or no worse than usual, I suppose). Hope this isn't typical of what other businesses were up against.

-- Anonymous, September 21, 2001

Hey, Brooks! Have a candy bar!

-- Anonymous, September 21, 2001
