Windows worms knocking out computers

[jamrock]

When RBTT ATMs were spewing money many moons ago, it is alleged that the cause was a system change/upgrade gone awry. Rushed changes can be as bad as, or worse than whatever it is they're trying to fix.

We help companies upgrade systems on a regular basis. I know that it is not as easy as it sounds.

Big companies such as CNN got hit by this worm. I saw them struggling with the worm live on television.

I guess companies will re-arrange their priorities to put patch management as a critical item. Let us see how many of them apply patches without testing them adequately now.

[Arch_Angel]

WASHINGTON (Reuters) - Authorities in Morocco and Turkey have arrested two men for unleashing computer worms that disrupted networks across the United States last week, the FBI said on Friday.

Farid Essebar, 18, of Morocco, and Atilla Ekici, 21, of Turkey, are believed to have been responsible for the Zotob worm that hit the Internet less than two weeks ago, along with predecessors called Rbot and Mytob released earlier, the FBI said.

Read full story: http://today.reuters.co.uk/news/News...H-CRIME-DC.XML

[Aldayne]

Wow... they got caught rather quickly, serves them right, the authorities need to make examples of them showing other malicious coders the consequences of insolence.

[pogi_2nr]

lol what microsoft needs to do is hire some worm writers on the dl and get them to write
worms to patch systems whenever one of these massive holes pop up.

[jamrock]

Unfortunately, that's not the case.

When RBTT ATMs were spewing money many moons ago, it is alleged that the cause was a system change/upgrade gone awry. Rushed changes can be as bad as, or worse than whatever it is they're trying to fix.

Remind me of this incident. What really happened here?

[BlackCryptoKnight]

Remind me of this incident. What really happened here?

Check this link for details on what happened with the RBTT ATM incident.

[jamrock]

Thanks BCK.

Now I remember. I think the police tracked down the people who had withdrawn cash in excess of their account balances. Criminal charges were laid against them. I didn't hear about any convictions.

I would hate to be a member of the RBTT IT department who was involved in that upgrade. I suspect there are gonna be a few vacancies there soon. :-\

Did this take place? Were people replaced?

This scenario brings to the fore a few important issues:

- Risk assessment and management in IT projects
That upgrade would involve certain risks which should have been identified early and managed.
- Quality assurance in projects
The work should have been completed properly and on time. Measures should be in place to test and verify sucessful
completion.
- The financial impact of security incidents.

Modifications of this type are always complicated. We advise our larger clients to set up test networks that are as similar to their production networks as possible. They can then do complete tests of proposed changes/upgrades before rolling them out on their production systems.

We do this testing before we roll out any changes on a production system. We now test everything. It is always the one thing that you don't test thoroughly that will break.

The hardest part is trying to identify each and every way that the system is used in order to get a complete list of things to be tested.

[jamrock]

Here is a followup to this discussion.

Admins are somewhere between a rock and a hard place. If we take the time to test the patches, we may fall victim to the vulnerability. If we don't take the time to test the patches, we introduce new problems into our network.

http://news.com.com/Critical+Windows...l?tag=nefd.top

The latest Windows patch has been causing some problems. I am sure many admins patched quickly because of the big media uproar re: the last worm.

How many are now having problems?