Worms affecting unfirewalled Windows 98 SE


Ian B.

Are there any worms that'll currently infect 98 SE machines connected to the
net without a firewall? I ask because I connected someone else's laptop to
the net, thinking I'll only be downloading stuff that I've created and no
risk of viruses. Then I remembered about the large number of worms, I can't
think of a highly distributed one to hand that'll infect by half hour or so
of net connection, but I just wanted to check, are there any?

TIA,
Ian
 
Are there any worms that'll currently infect 98 SE machines connected to the
net without a firewall? I ask because I connected someone else's laptop to
the net, thinking I'll only be downloading stuff that I've created and no
risk of viruses. Then I remembered about the large number of worms, I can't
think of a highly distributed one to hand that'll infect by half hour or so
of net connection, but I just wanted to check, are there any?

Some propagate via poorly protected shares. Bugbear is one that comes
to mind. If you had file sharing disabled, that should have helped
quite a bit. Anyway, what's the problem with scanning the drive to
find out?


Art
http://www.epix.net/~artnpeg
 
Ian B. said:
Are there any worms that'll currently infect 98 SE machines connected to the
net without a firewall? I ask because I connected someone else's laptop to
the net, thinking I'll only be downloading stuff that I've created and no
risk of viruses. Then I remembered about the large number of worms, I can't
think of a highly distributed one to hand that'll infect by half hour or so
of net connection, but I just wanted to check, are there any?

The Blaster worm variants that use the DCOM RPC exploit
won't affect Win98 even if DCOM RPC has been added to
that platform. At least that is how I understand the situation.

There are plenty of other things to worry about though. Why
don't you scan it for adware, spyware, and malware that you
could have "drive-by" downloaded while browsing?
 
but I just wanted to check, are there any?

There are some, but if you don't have file and printer sharing
installed or if it is installed but not bound to the tcp/ip stack of
your Internet connection then you are okay without a firewall.


Jim.
 
Ian said:
Are there any worms that'll currently infect 98 SE machines connected to the
net without a firewall? I ask because I connected someone else's laptop to
the net, thinking I'll only be downloading stuff that I've created and no
risk of viruses. Then I remembered about the large number of worms, I can't
think of a highly distributed one to hand that'll infect by half hour or so
of net connection, but I just wanted to check, are there any?

If you disable 'Windows Networking' it is probably safer than W2K and XP
 
The Blaster worm variants that use the DCOM RPC exploit
won't affect Win98 even if DCOM RPC has been added to
that platform. At least that is how I understand the situation.

Where is the information on this about DCOM on a Win9x O/S will not be
affected by the RPC exploit? From my understanding of DCOM, DCOM is DCOM
no matter what Windows O/S it is on.

Duane :)
 
Duane Arnold said:
Where is the information on this about DCOM on a Win9x O/S will not be
affected by the RPC exploit? From my understanding of DCOM, DCOM is DCOM
no matter what Windows O/S it is on.

After discussing this at length last year, I ran across a TechNet or
KnowledgeBase article which mentioned that the implementation
of DCOM RPC on those platforms does not install the affected
program module - so there is no DCOM RPC vulnerability on
those platforms.

I rather doubt my ability to track down this article, but I will
give it a try and post back ~ don't hold your breath though. ;o)
 
FromTheRafters said:
After discussing this at length last year, I ran across a TechNet or
KnowledgeBase article which mentioned that the implementation
of DCOM RPC on those platforms does not install the affected
program module - so there is no DCOM RPC vulnerability on
those platforms.

I rather doubt my ability to track down this article, but I will
give it a try and post back ~ don't hold your breath though. ;o)

This one states that W9x and WMe are not vulnerable.
Not much tech. info. :(

http://go.microsoft.com/?linkid=220723

J
 
Duane said:
The link stops at the Search Page.

Duane :)

Aw sh... ancient (dated 8-14-03)? Could be my screwup, too.
Anyway, if you wish, I can email you a copy of that page.

J
 
Never mind emailing -- here it is now (and updated 1-22-04):
http://www.microsoft.com/security/incident/blast.asp

I saw that link a while back and it may be correct that the Win 9'x and ME
O/S may not be exploited by the particular Blaster exploit, since the
programming logic to do the exploit may be using COM or COM+ programming
discipline which is exploitable on the NT based O/S(s) only and the fact
that it's installed by default on those O/S as there may be applications
that are installed on those platforms that use COM or COM+ in the
programming logic.

DCOM if installed on a Win 9'x or ME O/S can be exploited most likely by
another Win 9'x or ME O/S machine on a network. Those O/S(s) are old and
outdated technology and their time has come and gone. And they don't have
the prestige like the NT based O/S have when they are exploited. So, no one
bothers to go after those platforms.

But DCOM is DCOM and it can be exploited no matter what O/S platform it's
on. That's to my understanding of it.

Duane :)
 
This one states that W9x and WMe are not vulnerable.
Not much tech. info. :(

http://go.microsoft.com/?linkid=220723

Looking around I find many places like that - not affected - no
amplifications as to why. I also find many places subscribing to
the belief that they are affected (none from Microsoft on this
side of the fence) again with no specific details.

My statement still stands (because it was specifically about the
"Blaster" RPC vector), but the implications that the vulnerability
doesn't exist on those platforms can't be backed up with any
official documentation that I can find. I still believe it to be the
case however. DCOM is DCOM, but the implementation of
it on differing platforms makes it so that not all are identical.
 