:: 17-Oct-2000 10:22 (Tuesday) ::

I’d also like to recommend that all paranoid users consider using a virus
scanning utility and ensuring that their systems are not infected with
any other viruses or worms. My wormfree utility only attempts to remove
the several worm variants that have been known to deploy our dnetc client.
However, there have been countless other worms and viruses in the past
that all replicate through similar techniques, so if you might have been
vulnerable to them (and potentially infected) as well. A pretty good free
resident virus scanner is Computer Associates’ InoculateIT product, which
is available for free download from http://antivirus.cai.com/

Additionally, it should be noted that there are indeed several new worm
variants that illegally deploy the distributed.net client and include
email addresses different than the bymer@inec.kiev.ua that I mentioned in
my original post. Some of these others include the email bymer@ukrpost.net
or ogr@gala.net. There is a more comprehensive list about the known
variants at http://www.distributed.net/trojans.html

:: 17-Oct-2000 10:00 (Tuesday) ::

I’ve updated my wormfree utility again to fix a number of other minor
issues. Previously it required a Win98+ or Win95 with IE4 desktop update
installed (now it should run on all Win95, Win98, Win98 SE, and WinME
systems). Additionally, there were rare cases where wormfree would perform
an access violation. It now also attempts to clean a few other no-impact
registry key locations. If you have used previous versions of my wormfree
utility and are really paranoid, you can try re-running this new one.
You can download this new version from:
http://www1.distributed.net/~bovine/wormfree.zip

A related issue is a recent security vulnerability that has been found in
all Win9x systems that would enable another user to access your file
shares, even if you have assigned a very complex password to it. Although
there are currently no worms that utilize this vulnerability, this reason
alone is sufficient to warrant not arbitrarily sharing potentially
vulnerable directories that contain things that get executed. Minimally
this means that you should not share any drive or directory that includes
your WINDOWS directory or your “Program Files”. If you really must use
file-sharing for collaboration, you should create a special folder someplace
on your hard drive, and share ONLY that folder itself (and possibly include
a password, with the understanding that no password or key is truly secure).
You can read about the Microsoft Security Bulletin at the following
location: http://www.microsoft.com/technet/security/bulletin/MS00-072.asp

:: 09-Oct-2000 20:55 (Monday) ::

The Following Clients have been placed/updated for pre-release:

– SGI IRIX [6.5/MIPS/n32] v2.8011.464 2000-10-09

– AIX [4.x/All] v2.8010.463 2000-10-09

The Pre-Release Page can be found at:

http://www.distributed.net/download/prerelease.html

Please remember to report bugs at http://www.distributed.net/bugs/

Enjoy!

:: 08-Oct-2000 17:41 (Sunday) ::

The static pages for rc5 stats (such as the overall project stats page)
have stopped updating for some reason. We’re aware of it and are working
on it. Sorry for the delay.

:: 06-Oct-2000 12:25 (Friday) ::

I’ve updated my wormfree utility with a few more heuristics and strategies
for helping to clean and secure Win9x machines from an infection of one
of these replicating worms. You can download this new version (both source
and compiled binary) from the same URL:
http://www1.distributed.net/~bovine/wormfree.zip

:: 06-Oct-2000 07:22 (Friday) ::

With some of the bad things that have been happening with stats lately,
I thought it’d be nice to report something good for a change. :)

First, I’ve made a few changes to the old rc5 statsrun code recently that
have had a dramatic impact on the run time. Retroactive team joins used
to take an hour; it’s now under a minute. Email ranking for yesterday used
to take over an hour; it’s down to a few minutes. The overall run is back
down to a ‘reasonable’ amount of time (it was back in the 6-10 hour range,
depending on when it started running (the heavier activity during the US
day would slow it down)).

Here’s the real good news though: I’ve been running some rc5 logs through
the new stats system. Here’s a sample…

[10:46:56] Spawning daily.pl for rc5 [10:47:01] Beginning daily processing
routines [10:51:30] retire.sql 5 completed successfully (276 seconds)
[10:53:24] dy_appendday.sql 5 completed successfully (100 seconds)
[10:56:39] em_update.sql 5 completed successfully (183 seconds) [10:58:03]
em_rank.sql 5 completed successfully (85 seconds) [11:02:30] tm_update.sql
5 completed successfully (274 seconds) [11:02:45] tm_rank.sql 5 completed
successfully (14 seconds) [11:03:02] dy_dailyblocks.sql 5 completed
successfully (16 seconds) [11:03:56] Looking for new logs, last log
processed was 20001005-14 [11:04:09] ogr20001005-15.log.gz received: 35,857
bytes in 1.5 seconds (23.9 KB/s) [11:04:16] ogr20001005-15.log.gz
successfully decompressed (82.8% compression) [11:04:18]
ogr20001005-15.log.gz successfully filtered through ./logmod_ogr.pl.
[11:04:47] ./workdir/ogr20001005-15.log.filtered successfully BCP’d; 2,275
rows at 58.33 rows/second. [11:05:04] ogr20001005-15.log.gz successfully
processed. [11:05:31] audit.sql 5 completed successfully (141 seconds)
[11:05:38] clearday.sql 5 completed successfully (15 seconds) [11:11:46]
backup.sql 5 completed successfully (368 seconds) [11:11:51] Daily
processing for 20000902 has completed [11:12:02] daily.pl complete for
rc5

This means that the rc5 run took less than half an hour, even though a
OGR hourly run snuck in the middle. Compare that to the 3+ hours that the
statsrun takes with the old system! Granted, there are only 3 days worth
of rc5 data in the new system at this time, but due to the design of the
system, that should not have a large impact on the amount of time the run
takes.

We are still in the process of creating a version of the new php code for
rc5, but we should be ready to drop the old system entirely in the very
near future.

:: 03-Oct-2000 03:04 (Tuesday) ::

Slight change in plans… the RC5 run didn’t plow right into the run that’s
needed for Oct 02 like I thought it would, so I’m running the OGR stats
now. They should be up soon, and as soon as they are, I’ll start RC5.

:: 03-Oct-2000 00:59 (Tuesday) ::

Quick update on stats…

RC5 has been running for 20 hours or so now. It’s a bit past 50% done on
the second day of RC5 that it had to run. Of course, in that time, another
day has elapsed, so there will be yet one more RC5 run before OGR stats
run. OGR stats should kick off early this morning. Sorry for the delay.

:: 02-Oct-2000 03:08 (Monday) ::

As I’m sure many of you are aware, there was a problem with all the
statsruns last night (someone must have told the box that I’d be out of
town). I’m working on it now, and the OGR stats will hopefully be up in
an hour or so. I’ll run the RC5 stats immediately after that, so everything
should be fine in the morning.

:: 24-Sep-2000 13:19 (Sunday) ::

I have created a simple program that can be run on Win9x machines to
attempt to remove files associated with this most recent “MSINIT” worm,
as well as the VBS.Network and VBS.NetLog worms). You can download this
utility (with full source) from the following location:
http://www1.distributed.net/~bovine/wormfree.zip