County + Blaster Worm + Newspaper

**+Daemon+** · August 27th, 2003, 09:26 AM

Well it looks like the county I work for (Riverside County, in southern california) was in the news papers this morning about how bad we got infected by the blaster worm, funny thing is out of all the departments mine department was the only one that was not affected... nice eh? oh ya cause I work here muahhahha

any who here is the article.

==================SNIP=======================
Worm's cost tops $1 million

BLASTER: The computer invader kept county technicians and others working long
hours.

01:48 AM PDT on Wednesday, August 27, 2003

By DAVID SEATON / The Press-Enterprise

A computer worm that infected networks across the globe cost Riverside County
$1 million to fight, Steve Reneker, the chief information officer, told
supervisors Tuesday.

The figure surprised some supervisors, who along with other county employees
had their Internet and e-mail service interrupted periodically starting nearly
two weeks ago.

Outside computer users also could not connect to the county's Web site or
search through other computerized information, such as court records. Reneker
said he thought the system was down for a total of 12 hours.

Supervisor Bob Buster asked Reneker whether the county could get reimbursed by
Microsoft, the software provider.

"They sell us this stuff at great costs," Buster said. "It is faulty, it is
not secure and safe, and it is vulnerable to these continuing attempts to
sabotage."

But Reneker said a better solution is to fund law enforcement efforts to catch
the perpetrators. Better internal education and preparedness would also help,
he said.

Some county departments did not implement a directive in July to patch all the
computers against such attacks, Reneker said.

The worm probably came in through a laptop plugged into the county's network
by an employee. Reneker declined to identify the department in which the worm
was first detected. But that laptop should have been scanned for problems in
accordance with county policy, Reneker said.

Because of the worm, dubbed Blaster, and its variants, all 12,500 personal
computers and 500 servers had to be patched, Reneker said.

The $1 million cost stems from a team of 20 technicians working on the problem
around the clock, Reneker said, plus the efforts of 600 professionals in the
Information Technology Department.

"We just came out with a security policy two months ago," Reneker said. "Every
employee is required to read and sign.

"People need to understand to take security seriously," he added, and make
sure that the patches and security systems are kept as current as possible.

Reneker said costs continue to mount because four departments are still
cleaning up worm occurrences. Two other computer infections this year cost the
county $198,000 and $60,000, respectively, he added.

Computers at the city of Riverside, which uses Riverside County's Internet
domain, were also infected.

Communications officer Sharon Cooley said the city has spent about $4,000 in
labor costs to fix a second worm that appeared after Blaster.

"We've been doing a lot of patching, which takes a lot of staff time," Cooley
said.

=====================SNIP=====================

**FatalException0E** · August 27th, 2003, 09:54 AM

Supervisor Bob Buster asked Reneker whether the county could get reimbursed by
Microsoft, the software provider.

"They sell us this stuff at great costs," Buster said. "It is faulty, it is
not secure and safe, and it is vulnerable to these continuing attempts to
sabotage."

HAHAHAHAHA!!!!!!!
The patch came out WHEN ?

**+Daemon+** · August 27th, 2003, 10:09 AM

Originally posted by FatalException0E
HAHAHAHAHA!!!!!!!
The patch came out WHEN ?

ya the main IT guy he a moron...they always get hit...oh and did I tell ya my department diidnt get hit muahahhaah

**drewmaztech** · August 27th, 2003, 11:18 AM

Well if they had spent the money in the beginning to get proper staffing to do all the patches - or invest in patch-management software, they wouldn't be out the 1mil.

As far as I'm concerned, MS covered their rears by putting that patch out. Jeez - it was all over the news about the exploit weeks before the attack.

**MacGyver** · August 27th, 2003, 11:41 AM

I had all our machines patched (including my own at home) over a month before all this crap started. You know, I think the bad publicity (OVERHYPE) that some MS updates have got for causing problems on a minute number of computers, have turned some people off to Windows Update. So they didn't bother updating like they should have.

**Ya_know** · August 27th, 2003, 12:48 PM

Originally posted by MacGyver
I had all our machines patched (including my own at home) over a month before all this crap started. You know, I think the bad publicity (OVERHYPE) that some MS updates have got for causing problems on a minute number of computers, have turned some people off to Windows Update. So they didn't bother updating like they should have.

And that is the key point. Microsoft did cover their a$$ by publicly announcing this vulnerability, and the availability of the corrective patch. However there are countless reasons not to install an update. View this article for instance:
http://usa.autodesk.com/adsk/servlet...linkID=2476059

Up until just a few days ago AutoDesk specifically stated in this article that the MS Hotfix 823980 should not be applied, and that Service pack 4 should not be installed. If they were, the solutions were to remove them, and install an at the time “call in” update from MS---Let me reemphasize...their instructions up until only a few days ago was to not install the 823980 patch!!!

A lot of things can be blamed, Microsoft certainly being one of them. But the proper documented research and explanation as to why this patch wasn't installed by the county would have to be brought out in litigation. Finger pointing isn't enough when you are talking about a million dollars.

If my firm had been hit and we lost money, I would have printed out the original AutoDesk articles, and prepared a case against them. It was only after careful decision otherwise just days before the attack that I decided to address the Microsoft vulnerability, as opposed to a function in AutoCAD that my guys would probably never encounter…fortunately!

**+Daemon+** · August 27th, 2003, 01:46 PM

thing is, this just tells you how much government employees work... they dont... they had win2k systesm still without sp1 WITHOUT EVEN SP1 wtf!!

every system in my department has sp4 and has the SUS client..we have a SUS server here and been using it for a year now.

SUS - this is a server that will download windows updates from windows servers and the clients get there updates automaticly from the local source server.

the thing is, this is not the first time somthing like this has happend, this happends all the time, liek the begining of this year county got hacked, well my depart was still safe but everyone else wasnt

oh-well they will never learn.
plus with grey davis screwing things up we dont have the fundings anymore for more staf etc.. county is actually laying off poeple because of Grey Davis...

one more thing, I find out about virus's the day they are found, and 2 days later I get a email saying. "Warning: new virus" etc... from Main I.T. hummm

[/rant]

**silencio** · August 27th, 2003, 02:16 PM

At bellsouth most machines were still at NT4SP3 when we started rolling out windows 2000. There's a lot of things in the way of productivity in large/government offices.

**Pinnacle** · August 27th, 2003, 09:41 PM

. . . Because of the worm, dubbed Blaster, and its variants, all 12,500 personal computers and 500 servers had to be patched, Reneker said. . . .

Daemon, are these numbers accurate? I have never worked for the government before, but it seems like your county has a lot of hardware. What do you need all this for?

**+Daemon+** · August 28th, 2003, 09:47 AM

Originally posted by Pinnacle
. . . Because of the worm, dubbed Blaster, and its variants, all 12,500 personal computers and 500 servers had to be patched, Reneker said. . . .

Daemon, are these numbers accurate? I have never worked for the government before, but it seems like your county has a lot of hardware. What do you need all this for?

county..think of it this way

flood control
waste control
fire department
police department
etc...

thats the county there are alot of departments

my department has 250 workstations and 40 servers..non were infected