North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Santa Fe city government computers knocked out by worm
In message <[email protected]>, Sean Donelan writes: > >The US is still losing relatively major city government computer networks >due to the Nachi/Welchia worm. > >Sante Fe city government's entire computer network was knocked offline >on Friday by the Nachi worm. City employees could not access e-mail or >work with their computers all day Friday, and the Santa Fe Public Library >was not able to access the Internet. > >Officials say the worm infected the system when an employee downloaded >music on a city computer. The article says the worm was able to infect >the city computer system by first disabling the system's virus detection >system. Both statements would be notable because known versions of >Nachi/Welchia don't spread that way. > >http://kobtv.com/index.cfm?viewer=storyviewer&id=6232&cat=HOME > >No explaination why Sante Fe officials had not patched the city's >computers in the three months since Microsoft announced the vulnerability >and released the software updates. Nor why Sante Fe didn't have up to >date anti-virus programs running on its computers. > I draw a different conclusion from the article: the channel from the techs who worked on it to the reporter was lossy... As you note, Nachi/ Welchia aren't spread by music downloads, nor do they disable AV software. I suspect that a Trojan'ed file-sharing program is more likely the culprit. --Steve Bellovin, http://www.research.att.com/~smb
|