Yesterday afternoon, around 2pm, the internal networks at work were invaded by WORM_NACHI.A (aka W32/Welchia.worm10240 [AhnLab], W32/Nachi.worm [McAfee], WORM_MSBLAST.D [Trend], Lovsan.D [F-Secure], W32/Nachi-A [Sophos], Win32.Nachi.A [CA], Worm.Win32.Welchia [KAV]), which generated so much internal traffic that it slowed our systems down, and our external access was blocked.
This generated an amazing amount of traffic considering that our internal workstations are 95% Windows NT, which is not affected by this worm.
This pathogen got in because a) some machines, new ones mostly, were not properly patched and b) a few machines didn't have up-to-date virus pattern files.
I don't wait for the NT group to patch my machine through SMS. I update my own. Same thing with virus protection. My machine works fine. I've never had a virus or worm on any workstation or server I'm responsible for.
If you're going to run a Microsoft shop, train your damned people how to maintain the protection on their workstations! They're not stupid. If they were stupid, you wouldn't have hired them in the first place, right? They don't have to know how to do everything, but if they're working on a computer, they should know the basics. Virus protection and security updates are the basics. Teach them.
Bill: go stand in the corner. Here's your Dickhead Dunce Cap.
Here are some URLs to try:
Trend Micro
F-Prot
McAfee
Sophos
If anyone has a favorite security site with information and removal instructions, that I have not listed here, please feel free to leave a comment, and I'll add it.
Posted by Squiddy at September 18, 2003 10:53 AM | TrackBack