Full Disclosure mailing list archives

Re: Possible First Crypto Virus Definitely Discovered!


From: "Billy B. Bilano" <mr.bill.bilano () email server unix bill bilano biz>
Date: Thu, 10 Jun 2004 14:06:33 -0500

Hi Sean!

I have given up on this news group for the time being as everybody was
sending me hate mail because of my virus report and calling me nasty names
(like "troll"). LOL! And I can run quite fast, thank you very much!

I wound up blocking port 443 inbound and outbound on the firewall to stop
the spread of the virus! It seems to have worked but now we are facing
bigger problems! None of our bank customers can get into the system any
more! They click the "login" button and it just gives them a "page not
found" error. Oddly enough it works from inside the office but not outside!
(I can't test since I bank with the other place) Nobody in the office seems
to be able to buy anything from websites. I can't even get into our CDW
account to buy more floppy disks!

Since you can't get rid of a virus like this we are going to get rid of the
Windows! The CEO told me to get rid of the virus and get the servers back up
at whatever the cost! So now that I have a blank check I am going to do
what's right and go BIG IRON! I am putting in the PO for four loaded Sunfire
6800's to replace our two dual Xeon Windows web servers. Since the site is
already written in JAVA it should be no problem since Suns run the JAVA in
hardware!

I am a little concerned because Sun calls these mid-range servers and Dell
calls our dual Xeon servers "high-end", but Sun's web site assures me they
are good for "financial services" in their Key Industries list -- and we're a
bank so that's us! Just in case, I am buying two extra 6800's so we'll have
four web servers instead of two! I sure hope they are good enough...

I am sure these will be much better in terms of security though as Sun is
putting a Canary in them to stop buffer overflows! Just like the old days in
the mine shafts! The XOR is protected, too, from what I understand. So with
these we won't have to worry about the w32.ssl.bs!

P.S. Don't forget to check my bloglog! <http://www.bilano.biz/>

--------
Mr. Billy B. Bilano, MSCE, CCNA
<http://www.bilano.biz/>
Expert Sysadmin Since 2003!
'C:\WINDOWS, C:\WINDOWS\GO, C:\PC\CRAWL'  -- RMS


----- Original Message ----- 
From: "Sean Crawford" <sean01 () accnet com au>
To: <full-disclosure () lists netsys com>
Sent: Thursday, June 10, 2004 9:35 AM
Subject: RE: [Full-disclosure] Possible First Crypto Virus Definitely
Discovered!


Does anyone keep track of the record number of bites in a thread to a
Trolling run...this would have to be close to a record...

A rather successful fishing trip Bilano....what's the catch weigh in
as??...


--> Angoitia
-->
--> don't feed the clown!
-->
-->

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

