[funsec] Rinbot Brings Back Old Times to County Offices

Richard M. Smith rms at computerbytesman.com
Fri Mar 9 12:20:00 CST 2007


Someone isn't keeping up with their security patches:

http://www.symantec.com/security_response/writeup.jsp?docid=2007-021615-1555-99&tabid=2

The Rinbot worm then attempts to spread by exploiting the following
vulnerabilities:

 <http://www.securityfocus.com/bid/18107> Symantec Client Security and Symantec AntiVirus Elevation of Privilege (BID 18107)
 <http://www.securityfocus.com/bid/19409> Microsoft Windows Server Service Remote Buffer Overflow Vulnerability (BID 19409)
 <http://www.securityfocus.com/bid/5411> Microsoft SQL Server User Authentication Remote Buffer Overflow Vulnerability (BID 5411)
 
Richard

-----Original Message-----
From: funsec-bounces at linuxbox.org [mailto:funsec-bounces at linuxbox.org] On
Behalf Of Fergie
Sent: Friday, March 09, 2007 1:12 PM
To: funsec at linuxbox.org
Subject: [funsec] Rinbot Brings Back Old Times to County Offices

Via The Washington Post.

[snip]

Typewriters were dusted off, hand-held radios were tested, and Anne Arundel
County employees reported having to walk between offices rather than sending
e-mails yesterday after a virus led to the shutdown of more than 2,500
computers.

The fast-spreading virus infected as many as 200 county computers Wednesday,
and technicians shut down the entire network for Anne Arundel offices for
more than 24 hours.

The disruption left hundreds of employees without access to databases, the
Internet and printers, but 911 emergency services and financial transactions
such as bill payments were not affected, officials said.

By the end of the day, parts of the network were up and running. But during
the two days of network shutdown, some county employees said they were
forced to resort to tools and methods abandoned long ago in the name of
technological progress.

[snip]

More:
http://www.washingtonpost.com/wp-dyn/content/article/2007/03/08/AR2007030802012.html

- - ferg




--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list. 