[Dshield] Thank you Johannes and Dshielder's

John Sage jsage at finchhaven.com
Wed Aug 13 15:23:30 GMT 2003


Paul, et al:

On Wed, Aug 13, 2003 at 10:33:39AM -0400, Paul Marsh wrote:
<snippage> 
>   I've been watching/listening/reading the major news agencies over
the past two days first off let me say a day late and a dollar short,
it's amazing how un-informed some people really are.  A reporter on
CNN last night thought it was funny when her system started rebooting.
Most news agencies are reporting that if you update your AV, run a
removal tool and apply the patch your system is OK.  Why aren't these
people reading and understanding what's going on?
http://isc.sans.org/diary.html?date=2003-08-09 

One major problem that advertising by the anti-virus companies
produces is that people think that updating their AV signatures is all
they need to do regarding *any* security issue.

I can't tell you the number of people in the last day or two who have
said to me "Well, I just update my [insert major AV company]
signatures, so I don't have anything to worry about."

I reply "Well, no, this isn't a virus, this is a worm." and they go
blank.

And I counted over 500 distinct hosts within my very local 12.82.x.x
address space probing my firewall between midnight 08/12 and about
6:00pm that evening.

If my local address space (AT&T dialups, mostly..) is any indication of
how saturated home user address space in general has been affected, a
*lot* of people are screwed, and the fallout from this is going to go
on for a *long* time.

And that's not all.

Local news (metro Seattle-Tacoma, WA) reported that the City of
Seattle's computer systems in general were majorly screwed, as well...


- John
-- 
"Obviously, we do not want to leave zombies around."




More information about the list mailing list