Anti-Sasser Worm Message


Problem description


As many of you know, I occasionally get messages from the MS team on
various things. Today I got the following, and (personally) I think
it certainly is worthy of passing on.

If you haven't protected yourself from the sasser worm, GET THE HECK
OFF THE NET!! <Grin>

No, seriously, get the patch. And a firewall. Even one of the free
personal ones like Zone Alarm or Outpost or whatever, and then
hopefully, someday, all this ... stuff... will stop. (Hey, I can
dream, can't I? Yeah, I know, there's always going to be someone who
says "it won't happen to me" and won't do anything. Then it happens
to them. And they spread it on to everyone else who said "It can't
happen to me!" <sigh> )

Ok, time for me to shut up and you to read the important part of this
message. So, Read the below and... "Let's be safe out there!"

=======================================================================

You can also locate information on resolving this problem at
http://www.microsoft.com/security/incident/sasser.asp.

=======================================================================

What is this alert?

- Microsoft has been made aware of a worm identified as
"W32.Sasser.worm" and it is currently circulating on the Internet.
The worm exploits the Local Security Authority Subsystem Service
(LSASS) vulnerability fixed in Microsoft Security Update MS04-011 on
April 13, 2004.

- Microsoft encourages customers to protect themselves against this
worm by installing Microsoft Security Bulletin MS04-011
<www.microsoft.com/technet/security/bulletin/ms04-011.mspx>
immediately.

- Customers who have enabled the Windows XP Firewall are protected
from the vector this worm attacks, which is TCP Port 139. Most third
party firewalls also block this attack vector by default.

If you have any questions regarding the security updates or its
implementation after reading the above listed bulletin you should
contact Product Support Services in the United States at
1-866-PCSafety (1-866-727-2338). International customers should
contact their local subsidiary.

Thank you,
Microsoft PSS Security Team

Recommended answer

c.*******@worldnet.att.net (Chuck Grimsby) wrote in
news:5f**************************@posting.google.com:
> As many of you know, I occasionally get messages from the MS team
> on various things. Today I got the following, and (personally) I
> think it certainly is worthy of passing on.
>
> If you haven't protected yourself from the sasser worm, GET THE
> HECK OFF THE NET!! <Grin>

I am continually astonished at the stupidity of the broadband ISPs
who sell users a package that puts their Windows PCs right there on
the Internet with nothing in between them and the wild and woolly
world out there.

If your computer has a broadband connection and your PC is connected
directly to the cable/DSL modem, YOU ARE AN IDIOT.

Buy a Linksys router and plop it in between. This by default uses
NAT so that nothing on the inside of the router is accessible from
outside connections. This means that any exploit that spreads by
initiating a connection from the Internet to your PC cannot infect
your PC.

If you don't want to spend the $50 on that, then install a software
firewall.

I am running my PC connected directly to RoadRunner's network
because of a problem with RR's network (I'm hoping that a change to
RR's network in the next month will restore my ability to run behind
my router). Indeed, I was running in that configuration last August
when Blaster hit.

Did I get infected?

No!

Why?

Because I had a software firewall (Tiny Personal Firewall) that
prevented blaster from connecting. I also had the RPC locator
service disabled so that it wouldn't have worked even if I had not
had a firewall.

I was in California at the time, so it was not a situation where I
could have changed configurations easily (I had VNC set up and
listening for connections, so I was able to connect to my PC and
remote control it to do various things like check my email).

So, I was running in a dangerous configuration, but I was still not
infected.

It used to be that I didn't recommend a software firewall for
dialup, because dialup users didn't get hit by connection requests
(this was based on my own experience of using a software firewall
with a dialup connection; I'd see a probe about once a week), but
that has changed drastically. You probably need a software firewall
with dialup, as well.

> No, seriously, get the patch. And a firewall. Even one of the
> free personal ones like Zone Alarm or Outpost or whatever, and
> then hopefully, someday, all this ... stuff... will stop. (Hey, I
> can dream, can't I? Yeah, I know, there's always going to be
> someone who says "it won't happen to me" and won't do anything.
> Then it happens to them. And they spread it on to everyone else
> who said "It can't happen to me!" <sigh> )







This is a case where you should do several things:

1. get the patch.

2. get a firewall.

3. revise your network infrastructure to protect yourself by default
from outside exploits.

In regards to the patches, I don't usually install MS's security
patches because they mostly don't apply to me. But any RPC patches I
download and apply immediately, as those are pretty important. Same
with the LSASS patch (wasn't that what this worm was exploiting?).

But, again, if your PC is unreachable on a NAT subnetwork, it can't
be infected from an outside connection (initiated by a PC outside
your NAT subnetwork -- if there's another PC on your network that's
infected, it can infect all the NAT PCs) even if your PC has none of
the patches and no firewall running.

But don't get too complacent if you have that scenario -- it can't
protect you from worms that get to your PC through other vectors,
like email viruses. A NAT router won't do anything to stop an
outgoing connection from a trojan- or worm-infected PC.

Code Red and Nimda should have been the wake-up calls for everyone
when this came up, just as ILOVEYOU should have been for vbScript
and the Windows Scripting Host.

But most people simply don't pay attention.

And look at the mess we're in.

--
David W. Fenton http://www.bway.net/~dfenton
dfenton at bway dot net http://www.bway.net/~dfassoc
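
The NAT behaviour described in the post above, as an added example that is not part of the original thread: a toy model of a home router's translation table, showing which connections it drops and which it does nothing about. The addresses, ports and the names `NatRouter`, `crosses_router` and `run_scenarios` are constructed for illustration, and the model assumes no port forwarding, DMZ host or UPnP mapping is configured on the router.

```python
import ipaddress
from dataclasses import dataclass, field

LAN = ipaddress.ip_network("192.168.1.0/24")  # constructed home subnet

@dataclass
class NatRouter:
    """Toy NAT: inbound packets pass only if they match an outbound mapping."""
    next_port: int = 40000
    # (public_port, remote_ip, remote_port) -> (lan_ip, lan_port)
    table: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        # Connections opened from the LAN are always translated and allowed.
        public_port = self.next_port
        self.next_port += 1
        self.table[(public_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return public_port

    def inbound(self, remote_ip, remote_port, public_port):
        # Returns the LAN endpoint to forward to, or None if the packet is dropped.
        return self.table.get((public_port, remote_ip, remote_port))

def crosses_router(src_ip, dst_ip):
    """LAN-to-LAN traffic is delivered locally and never reaches the NAT."""
    return not (ipaddress.ip_address(src_ip) in LAN
                and ipaddress.ip_address(dst_ip) in LAN)

def run_scenarios():
    nat = NatRouter()
    out = {}
    # 1. Unsolicited probe from the Internet to TCP 139: no mapping, dropped.
    out["probe_139"] = nat.inbound("198.51.100.7", 4000, 139)
    # 2. A LAN PC fetches a web page; the server's reply matches the mapping.
    port = nat.outbound("192.168.1.20", 51000, "192.0.2.80", 80)
    out["web_reply"] = nat.inbound("192.0.2.80", 80, port)
    # 3. A different host aims at the same public port: still dropped.
    out["other_host"] = nat.inbound("198.51.100.7", 80, port)
    # 4. An infected LAN PC connects outward: NAT creates a mapping for it.
    out["infected_out"] = nat.outbound("192.168.1.30", 1025, "198.51.100.9", 139)
    # 5. The same infected PC reaching a neighbour bypasses the router.
    out["lan_to_lan_filtered"] = crosses_router("192.168.1.30", "192.168.1.20")
    return out

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

Scenarios 4 and 5 are the two gaps the post names: the router translates an infected PC's outgoing connection like any other, and traffic between two PCs on the same subnet never passes through it.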


> It used to be that I didn't recommend a software firewall for
> dialup, because dialup users didn't get hit by connection requests
> (this was based on my own experience of using a software firewall
> with a dialup connection; I'd see a probe about once a week), but
> that has changed drastically. You probably need a software firewall
> with dialup, as well.







I've had nothing but dialup.

My Norton firewall reports a steady stream of SQL Server Worm attempts.
--
PeteCresswell

