zotob ftw!

So I haven't heard too much about this yet... How do I keep it off the 2000 and XP machines here @ work? Just make sure they're up to date?
 
owned owned owned owned ...

that word has to be in every fvcking sentence i read on the internet or hear on xbox live.
 
Yeah, our entire NAFTA network got owned. It was down for about 2 hours yesterday.

Edit: Actually, it was closer to 3 hours.
 
Originally posted by: Kenazo
So I haven't heard too much about this yet... How do I keep it off the 2000 and XP machines here @ work? Just make sure they're up to date?

install the new windows patch

Originally posted by: purbeast0
owned owned owned owned ...

that word has to be in every fvcking sentence i read on the internet or hear on xbox live.
shut up.

owned newb.
 
Originally posted by: junkerman123
Originally posted by: Kenazo
So I haven't heard too much about this yet... How do I keep it off the 2000 and XP machines here @ work? Just make sure they're up to date?

install the new windows patch

Originally posted by: purbeast0
owned owned owned owned ...

that word has to be in every fvcking sentence i read on the internet or hear on xbox live.
shut up.

owned newb.

apparently someone doesn't know the definition of the word owned ...
 
HAHA! This is why us firewall and IDS guys don't sleep that much. This also proves my long-held theory that most organizations out there are far from being secure from the evils of the internet. This thread should be posted to the "find a job here" thread because there should be a lot of people fired at these major organizations for this. The primary means of infection is through TCP port 445, which should rarely, if ever, be open out over the internet.
 
Zotob/Plug and Play Worm Mitigation
-----------------------------------

Deny the following network ports at the firewall/border router:

INBOUND TCP 445 (Windows RPC, this may break several Windows based applications, sessions, etc.)

OUTBOUND UDP 69 (TFTP)
OUTBOUND TCP 1117 (IRC)
OUTBOUND TCP 1171 (IRC)
OUTBOUND TCP 4095 (IRC)
OUTBOUND TCP 5232 (IRC)
OUTBOUND TCP 6667 (IRC)
OUTBOUND TCP 8080 (IRC)
OUTBOUND TCP 8594 (IRC)
OUTBOUND TCP 18067 (IRC)
OUTBOUND TCP 30722 (IRC)
OUTBOUND TCP 33333 (IRC)

Deny the following IP addresses/URLs from connecting INBOUND or OUTBOUND:


At a minimum, make the following entries in your hosts file to prevent your machine from being pwned using IRC:

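Added example, not part of the original post: a small audit that replays flow records against the port rules listed in the mitigation post, to show which connections a border device applying them would drop. The record format, the sample records and the 10.0.0.0/8 internal range are assumptions made for illustration.

```python
import ipaddress

# Port rules copied from the mitigation post above.
INBOUND_DENY = {("tcp", 445)}
OUTBOUND_DENY = {("udp", 69)} | {
    ("tcp", p) for p in (1117, 1171, 4095, 5232, 6667, 8080,
                         8594, 18067, 30722, 33333)
}

# Assumption: everything in 10.0.0.0/8 is "inside" the border.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample records: "proto src_ip:port -> dst_ip:port"
SAMPLE_FLOWS = """\
tcp 203.0.113.7:4312 -> 10.1.2.3:445
udp 10.1.2.3:1034 -> 198.51.100.9:69
tcp 10.1.2.3:1050 -> 198.51.100.9:8080
tcp 10.1.2.3:1051 -> 198.51.100.20:443
tcp 10.1.2.3:1052 -> 10.1.2.8:445
garbage line
"""

def classify(line):
    """Return 'inbound-deny', 'outbound-deny', 'allow', or None if unparseable."""
    try:
        proto, src, arrow, dst = line.split()
        if arrow != "->":
            raise ValueError("missing arrow")
        src_ip = ipaddress.ip_address(src.rsplit(":", 1)[0])
        dst_host, dst_port = dst.rsplit(":", 1)
        dst_ip = ipaddress.ip_address(dst_host)
        key = (proto.lower(), int(dst_port))
    except ValueError:
        return None
    src_in, dst_in = src_ip in INTERNAL, dst_ip in INTERNAL
    if not src_in and dst_in and key in INBOUND_DENY:
        return "inbound-deny"
    if src_in and not dst_in and key in OUTBOUND_DENY:
        return "outbound-deny"
    # Internal-to-internal traffic never crosses the border, so the
    # rules above do not see it (the last valid sample record).
    return "allow"

def audit(text):
    """Return (verdict, record) for every record the rules would drop."""
    checked = ((classify(line), line) for line in text.splitlines())
    return [(v, line) for v, line in checked if v and v != "allow"]

if __name__ == "__main__":
    for verdict, record in audit(SAMPLE_FLOWS):
        print(verdict, record)
```

The internal-to-internal TCP 445 record comes back as `allow`, which is why the border rules are paired with patching the hosts themselves, as the earlier reply says.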
 