Hi,
Files on the toaster will be set to size zero. Be very careful if your toaster contains source code as the virus attacks .cpp, .c and .h files.
Thank god for snapshots.
GB
From: Steve Armijo[SMTP:armijo@cs.unm.edu] Sent: 11 June 1999 09:17 To: toasters@mathworks.com Subject: the virus
ok, so amid all this wild virus scare, does anyone here know what the potential of this is to affect PC users who have shortcuts/mapped drives pointing at toasters?
-steve
-- Cue the music, fade to black, no such thing as no payback. -PWEI
[ armijo@cs.unm.edu ]
Quoting Garrett Burke Garrett.Burke@msc.ie:
Files on the toaster will be set to size zero. Be very careful if your toaster contains source code as the virus attacks .cpp, .c and .h files.
Thank god for snapshots.
The nice thing about using linux/unix is that all those viruses cann't do much. The bad thing about linux/unix is that when you get hacked it is messy!
*grin*
On Fri, 11 Jun 1999 yann.golanski@ThePLAnet.net wrote:
The nice thing about using linux/unix is that all those viruses cann't do much.
Hmm, you'd be surprised. Consider yourself lucky that the users are only as knowledgeable and demanding as they are. There are many packages out there which provide binary compatibility across hardware and software platforms. How hard would it be to start WABI or something similar from a browser based on the mime-type of the attachment.
Tom
This virus is a nasty one. I haven't seen it mentioned here, but we have discovered that it connects back to the fileserver the infected person is connected to and then scans the shares, deleting every file of the types specified, in every share, that the infected person has the ability to delete.
-ste
Work: (908) 582-7629 Pager: (800) 756-1133 Cell: (201) 310-9941
On Fri, 11 Jun 1999, Garrett Burke wrote:
Hi,
Files on the toaster will be set to size zero. Be very careful if your toaster contains source code as the virus attacks .cpp, .c and .h files.
Thank god for snapshots.
GB
From: Steve Armijo[SMTP:armijo@cs.unm.edu] Sent: 11 June 1999 09:17 To: toasters@mathworks.com Subject: the virus
ok, so amid all this wild virus scare, does anyone here know what the potential of this is to affect PC users who have shortcuts/mapped drives pointing at toasters?
-steve
-- Cue the music, fade to black, no such thing as no payback. -PWEI
[ armijo@cs.unm.edu ]
"Shaun T. Erickson" wrote:
This virus is a nasty one. I haven't seen it mentioned here, but we have discovered that it connects back to the fileserver the infected person is connected to and then scans the shares, deleting every file of the types specified, in every share, that the infected person has the ability to delete.
Just to re-iterate: It scans for shares and tries to mount them. If successful it looks for files that can be zapped. If you share files everyone:rwx then a lot of data may be affected.
On Fri, 11 Jun 1999, Garrett Burke wrote: Thank god for snapshots.
You can rename a snapshot. If you rename one to "PreVirus" it is pretty easy to write a little script that will find zero-length files that weren't zero-length in the snapshot and email the owner of the file (or do the restore automatically). [ Disclaimer: I haven't done this myself, but I'm told it is possible. ]
--tal
Were any customers on this alias affected by the worm?
I will understand if you don't want to tell me.
Practically speaking, what strategies are being used to
1. Prevent infestation
2. Contain damage on occurrence of an infestation
3. Repair the damage afterwards?
In particular, is there a NetApp specific component in that strategy?
Is there any suggestions for how products can provide better support for your protection strategies.
I like snapshots very much in the face of such incidents.
beepy
In message Pine.LNX.4.04.9906111910090.1584-100000@gryf.gryf.net, tkaczma@ gryf.net writes:
On Fri, 11 Jun 1999, Brian Pawlowski wrote:
Were any customers on this alias affected by the worm? I will understand if you don't want to tell me.
I didn't , I feel left out. I don't think the trojan worm made it out to the alias.
I got a copy of it, but wasn't affected. Large mailing lists in address books give these "new" worms interesting vectors. The subject "RE: Early Access" combined with the worm message text and the fact that it came from a vendor employee gave it a nice illusion of legitimacy. Unpleasant.
So, quick vote: Those in favor of public canings for virus authors say aye.
jason
In theory, The worm/trojan he wrote could have deleted the research for the drug that would one day save his life...
"Jason D. Kelleher" wrote:
In message Pine.LNX.4.04.9906111910090.1584-100000@gryf.gryf.net, tkaczma@ gryf.net writes:
On Fri, 11 Jun 1999, Brian Pawlowski wrote:
Were any customers on this alias affected by the worm? I will understand if you don't want to tell me.
I didn't , I feel left out. I don't think the trojan worm made it out to the alias.
I got a copy of it, but wasn't affected. Large mailing lists in address books give these "new" worms interesting vectors. The subject "RE: Early Access" combined with the worm message text and the fact that it came from a vendor employee gave it a nice illusion of legitimacy. Unpleasant. So, quick vote: Those in favor of public canings for virus authors say aye. jason
I think it should be a capital offense.
Marc A Levy wrote:
In theory, The worm/trojan he wrote could have deleted the research for the drug that would one day save his life...
"Jason D. Kelleher" wrote:
In message Pine.LNX.4.04.9906111910090.1584-100000@gryf.gryf.net, tkaczma@ gryf.net writes:
On Fri, 11 Jun 1999, Brian Pawlowski wrote:
Were any customers on this alias affected by the worm? I will understand if you don't want to tell me.
I didn't , I feel left out. I don't think the trojan worm made it out to the alias.
I got a copy of it, but wasn't affected. Large mailing lists in address books give these "new" worms interesting vectors. The subject "RE: Early Access" combined with the worm message text and the fact that it came from a vendor employee gave it a nice illusion of legitimacy. Unpleasant. So, quick vote: Those in favor of public canings for virus authors say aye. jason
On Mon, 14 Jun 1999, Douglas Ritschel wrote:
I think it should be a capital offense.
But not to the virus writers, but the people that ignorantly open them. I think that Microsoft at al. should be held accountable for the ease with which the worm takes advantage of those systems.
Tom
To reiterate snapshot use:
If you have been hit by the worm/virus, make sure you *freeze* you last good snapshot!
Use the:
snap rename <vol-name> from to
to rename something like hourly.1 to PreVirus.
You all know this better than me, I'm sure:-)
beepy
-
Brian Pawlowski -
Douglas Ritschel -
Garrett Burke -
Jason D. Kelleher -
Marc A Levy -
Shaun T. Erickson -
tkaczma@gryf.net -
Tom Limoncelli -
yann.golanski@ThePLAnet.net