MadAdmin has brought this to us :
> On Thu, 07 May 2015 11:24:21 -0400, FromTheRafters
>  wrote:
>
>> MadAdmin wrote on 5/7/2015 :
>>> On Tue, 5 May 2015 21:42:44 +0000 (UTC), Diesel 
>>> wrote:
>>> 
>>>> Virus G_u_y  news:55462B7A.FF9108FB@G-u-y.net Sun,
>>>> 03 May 2015 14:06:50 GMT in alt.comp.anti-virus, wrote: 
>>>> 
>>>>> fjrnbdjukg@mycomputer.com wrote:
>>>>>  
>>>>>> No Anti-Virus software works.  But you're likely one of the
>>>>>> billions of people who believe it does something and you give
>>>>>> large amounts of money to the rip-off companies who sell their so
>>>>>> called "anti-virus" crap.
>>>>> 
>>>>> I've been saying the same thing here for years.
>>>> 
>>>> I already know from previous discussion with you, that you're an IT 
>>>> idiot. Based on what the OP wrote, they don't seem to be very bright 
>>>> either and would probably be better off with an abacus. Computers 
>>>> aren't toasters and do require a certain level of care and user 
>>>> intelligence that isn't required to operate a microwave or toaster.
>>>> 
>>>>> It's also probably the case that IT people simply see it as job
>>>>> security to constantly inflate their department's budgets by
>>>> 
>>>> Bull####. IT depts have plenty to do without the hassle of malware.
>>>> 
>>>>> Again, something I've been saying here for years.  Just look at my
>>>>> past posts where I show poor initial detection of files submitted
>>>>> to VirusTotal.
>>>> 
>>>> You don't understand how it works. Feel free to read the posts where 
>>>> you demonstrate that! Repeatedly. :(
>>>> 
>>>>> All of this is courtesy of Micro$oft, and their treasonous
>>>>> subversion of the computing security of the US and nations around
>>>>> the world just to satisfy their short-sighted financial need to
>>>>> replace then-current Win-9x/me (which did not require remote
>>>>> server-based product activation) with the best trojan-hosting
>>>>> platform known to mankind -> Windows XP.  
>>>> 
>>>> Completely untrue. You're insane.
>>>> 
>>>> Don't forget to remind people that you recommend windows 9x over the 
>>>> later editions. If people still listen to your advice, they deserve 
>>>> every single problem they run into!
>>>> 
>>> 
>>> Ya know I've still got WfW. Wonder what would happen if I turned it
>>> loose on the internet. Of course not sure if I have an ancient version
>>> of Netscape or not though.....
>>> 
>>> I do recall building a new Win2K box in the DMZ and went to download
>>> SP1 and it got infected.... SO had to download the SP from another
>>> machine and rebuild the box again. I forget which bug that was but
>>> obviously I'd forgotten it was loose when I did that....
>> 
>> Was that the RPC/DCOM bug?
>> 
>
> Been so long I can't recall offhand. I thought the incident was prior
> to that bug but can't say for certain. I just recall the incident and
> that at the time there were a number of various virus/worm/etc. mostly
> hitting the network through stupid users - including a manager who
> brought his home computer in to try to hook on the network and
> infected about 8 states before I saw the insane amount of traffic. AND
> after we were halfway through cleanup the prick turned it back on
> certain his machine wasn't the source and that we were just being
> pricks. SO that location became my first one with totally locked down
> DHCP...... Got a lot of flack in the forums over my approach that it
> made networks "so difficult to manage" but unless you have a whole
> bunch of machines that come and go and HAVE to recycle local addresses
> (and even Intel's network was never THAT big) I still don't see it as
> an issue and I always liked knowing exactly what was inside my
> network. I had some extremely detailed network maps and I had more of
> a skeleton crew managing that than most of the whiners who thought it
> introduced such an insane additional workload....

IIRC Blaster was the first of those and it had code for W2K and XP 
which it would choose according to some formula. If your W2K got an XP 
attempt or vice-versa it would crash the RPCSS, otherwise it would host 
the worm.


--- NewsGate v1.0 gamma 2