"Slammer" is SQL Slammer, one of the most devastating worms to hit the wild. To varying degrees, organizations such as airlines and power companies experienced costly service disruptions.

A lot of folks don't realize it, but while CodeRed was infecting millions of PC per hour, in the former Eastern Block countries a certain Linux distro, advertising itself as a Windows look & run-a-like, resulted in an infection of some 25,000 Linux boxes because that distro set the user up to run as root, to make things easier. The name of the Linux virus escapes me, but "Slapper" or "Slammer" (a variant of one which you mention?) comes to mind.

Here is an animated gif showing over a 14 hour period how explosive the growth of CodeRed infections were:
http://www.caida.org/research/securi...-small-log.gif

Yeah! Our very own Oshun Kerouac

A somewhat related note... some of the most intense periods during my time in Microsoft's Trustworthy Computing Group covered the days of Nimda/Blaster/Code Red/Slammer. Lots of effort to get out on the road, deliver seminars, develop some powerful content -- much good creative work on helping people understand how to get and stay secure.

Once the attacks began subsiding, TwC became somewhat boring. A number of folks openly wished for another massive worm that would help to "regenerate the troops."

Thanks for checking it out Steve, but after thinking about it, if more people get viruses, more likely they will get fed up with Win-DOHs and abandon it, lol.

Agreed, those idiotic Win-DOHs commercials are soooooooooo annoying, remember the ones with the little kids? A good spoof would have the kid burst in tears after a lock up/BSOD, or better yet, one of those scary screen 'melting' viruses complete with scary skull and cross bones, lol.

Just not while you're driving!

Yeah, don't you kinda hate that "Googled" has replaced "searched the web" as lingo? Only one worse is "PC" somehow became "Computer running that crappy OS" rather than just "Personal Computer." F-U ad campaign a-holes, my "PC" runs linux!


Geez, maybe I shouldn't post after we finish the second bottle of wine, huh?


Next week we'll be on the road - RV vacation. Maybe I'll post a "Linux from the Road" thread....

....no doubt there will be alcohol involved, lol.

Dang it! Foiled AGAIN!!!

It appears not to be as simple as installing clamav-daemon and then being done. I [strike]Googled[/strike] StartPaged a bit and most of what I found about integrating ClamAV with Thunderbird was very out of date. If you want to go this route, you'll probably need to research it a bit more first.

Thanks all for your words about AV, I am interested in making sure I don't pass on viruses too but not sure how to get the daemon to work with Thunderbird, my default email program for years now, in and out of Win-DOHs.

True, it doesn't take long. But, I'm lazy. I use my gmail address as the primary and have it pass what isn't filtered out to my ISP email account, which I do not hand out to often.

https://startpage.com/do/search?query=scareware

Wikipedia and, uh, Microsoft beat you to it

I tend to be uniformly critical of SPF, Sender ID, Domain Keys, and DKIM. It's something of an overstatement, but these can be boiled down to an assertion something like "Hey, you can trust me, and here's a DNS record that proves it!" As if DNS were completely trustworthy and devoid of integrity violations -- yeah, right. Enabling these reputation things tends to actually raise your profile among Spamhaus and their ilk. Higher profile = greater scrutiny, which I would prefer not to accrue.

One thing I have noticed, though, is that the simple presence of a ClamAV/SpamAssassin/Amavisd SMTP header lowers your potential spam score. Lower is good. So I avoid the reputation stuff, and thus avoid the risk of falling afoul of any reputation filters, while still raising the quality of my outbound email by sending it through a scanner on my Postfix server and relaying it via a known good relay that requires authentication (DynDNS and Comcast appear to work equally well for this final requirement). Passing inbound and outbound email through ClamAV/SpamAssassin/Amavisd takes less than a second.

I tried just high level formatting but the MBR infection just made a call to its parent in the hidden Windows drive and re-infected the machine. After that I just cut to the chase, told them they would have to either switch to Linux or be prepared to buy another copy of Windows. All but one opted for Linux and their HDs got the hidden partition removed and combined to create one big partition, and the entire HD was given the dd destroy command, nuking everything including the MBR. After that a Kubuntu installation was only 20 minutes away.


I did a lot of that for my Windows using friends, but when the MBR Trojans began showing up that pretty much spelled the end of me cleaning up their Windows boxes. Only one wanted to buy a new copy of Windows. He used his misfortune as an opportunity to buy Win7. Since then he asked me ONCE to help him out, but I said there would be no end to it and refused. His wife did all the banking (on line with Windows) and her computer had a viruses too, but she never asked me to clean her's up or to install Linux. When I told her she had a Trojan as well and advised her to change her bank and CC passwords she asked about a LiveUSB that she had seen her husband run. I gave her one of those, running Kubuntu 10.4, and she's been using it to do her online banking and shopping, but she uses Windows for everything else.