Our son's 2nd BIrTHdAY

Lilypie 2nd Birthday Ticker

Thursday, December 4, 2008

virus outbreak


Man...Life's bz like hell. No time to even update blog. So many interesting things happened in my life...where to start....maybe i'll update on my next post (not sure when)


As for now there has been a virus outbreak in my working environment...global outbreak...some attacker out there exploited in one of the MS vulnerabilities (out of band release) released last month. To be specific, it's MS08-067 - Vulnerability in Server Service Could Allow Remote Code Execution.


Initially all client machines and servers was patched (my team was responsible to initiate and coordinate the patching activity). However some smart peaople out there failed to adhere to instructions...causing mass exploit of servers and client machines.


Apparently the attacker deployed a worm (remotely) that could drop copies of itself to system root. From there, it accesses certain website which downloads trojans to this machines/servers. The trojan then uses random ports to access port 445 at other location i.e domain controller and Active Directory. It then does a brute force to get username and passwords.


Our IDS team initialally capture the suspicious traffic and allerted us. We then continued our investigation, found the root cause and currently performing the clean up. Our anti virus vendor came up with the bandage pattern file that detected and quarantines these malicious files.


Now we're pushing the patch (to unpatched servers/machines) via SCCM. The bandage pattern is also being deployed. BSOD also occured during the deployment...making our task miserrable. The earliest i go back home nowadays is 9 p.m. Go back then have to wake at 3.00. a.m. to sit for confrence call with the rest of the teams globally.


Lesson - Never ever take a MS patch for granted...deployed it as soon as it's released!


p.s. - *NIX users should be celebrating by now (i'm damn sure the attacker is a *NIX maestro)


3 comments:

sH@ said...

haha...miss u man...lama tak kaco ko anto...:P
tgk bawah meja ada sapa...?ju on..wakakaka

Rantong said...

Salam ziarah. Sekadar pemberitahuan demi kesejahteraan hidup.

Rancangan "Who Wants To Be A MillionaireBlogger.Net" kini, ke udara di screen komputer anda. Sertai & daftar sekarang. Kemasukan adalah PERCUMA...

ayoi said...

Bro.. Sorry for the late response. As for patch, I think MS has this Black Tuesday patch day where they will releases the patches on second tuesday of every month.

Btw for patch implementation, usually those patches of fixes will be tested on development servers before applying on production server. This just to ensure that the patches or fixes will not break any running services or application.

Just my worthless opinions maa ;)