reliable Net Alert: WinNuke, from H-ASIA

jonathan silk silk at WMICH.EDU
Wed Mar 18 11:37:15 EST 1998


I thought this might be worth forwarding from a reliable source:
************************************************************
>                                H-ASIA
>                           March 18, 1998
>
>An alert re: WinNuke
>**************************************************************************
>From: H-Net Announcements Editor <announce at h-net.msu.edu>
>
>H-Net normally discourages the dissemination of virus alerts, because
>in almost every case the supposed virus is a hoax or has already been
>thwarted by upgraded software and new antivirus programs.  However, the
>Chronicle of Higher Education reports this week that attacks upon
>computers through the internet, so-called "WinNuking," have been
>occurring with increased frequency in the past months, and that news
>about a free patch protecting against win-nuking has not been widely
>disseminated to universities.
>
>These "attacks" are not viruses.  Instead, they exploit a bug in
>Windows 95/NT's networking system by forcing a shutdown/reboot of the
>affected computer.  The attacker sends a code to the host computer's IP
>address, (obtained in chat rooms, or through visits to web pages), that
>confuses Win95/NT and forces the shutdown.  The attacks themselves do
>not erase data, but they do force the user to reboot (and therefore
>lose unsaved data) and disconnect from the network.  Versions of the
>attacks have different names, such as "teardrop," "ping o'death," "land
>attack," etc., which operate on the same basic rationale and exploit
>the same flaw in the operating system.
>
>Microsoft has developed a Win95/NT fix for this bug, which can be
>downloaded free from Microsoft.  A sensible, readable, explanation of
>the situation, along with instructions and direct download links to
>Microsoft to obtain patches for Win95 and versions of WinNT, can be
>found at:
>
>http://users.nac.net/splat/winnuke/
>
>The patch itself is 968K.  It will install quickly, and does fix the bug.
>
>
>Microsoft's security bulletin on the "teardrop" variant of the attack
>is at
>http://www.microsoft.com/security/newtear2.htm
>
>Subscribers interested in tracking virus hoaxes will find the Computer
>Virus Myths site useful:
>
>http://www.kumite.com/myths/home.htm
>
>regards
>
>
>Dr. Peter Knupfer
>Associate Director
>H-Net: Humanities & Social Sciences Online
>Voice: 785-532-5824
>
>http://www.h-net.msu.edu/~asociate
>
>mailto:asociate at h-net.msu.edu
>===========================================================================
>

Jonathan Silk
SILK at wmich.edu



More information about the INDOLOGY mailing list