WSAZ Apologizes.

genlock · Post by **genlock** » Sat Mar 31, 2007 6:06 pm

WSAZ's Amanda Barren apologized at the top of the newscast for a "virus" that is affecting grafx, captioning and a lot of other stuff. Amanda indicated that the "virus" reached WSAZ via the parent company, Gray Broadcasting.
I wonder if the computer people were able to be located to be called out to fix it. I wonder if someone just crashed the newsroom system and couldn't get it to re-boot properly.

The newscast ended at 6:18pm.

genlock · Post by **genlock** » Sat Mar 31, 2007 6:23 pm

WSAZ will, no doubt, accept many awards tonight at the WVBA meeting.
At least they cannot blame Parkervision.

square_enix · Post by **square_enix** » Sat Mar 31, 2007 10:14 pm

Yeah, The Virus knocked down all of our Windows 2000 Systems and servers that were tied to the GRAY network.

2 Of Grays TV stations were knocked completely off the Air because of the Virus.

We thought it was a pure inside job until we discovered WOWK-TV had also been hit by the Virus.

As far as Newsroom went, We lost ENPS, Internet, and Email.

A Fun Evening all around.

genlock · Post by **genlock** » Sun Apr 01, 2007 8:21 am

Is it fixed?

fearpeddler · Post by **fearpeddler** » Sun Apr 01, 2007 10:06 am

whats the name of "the virus"??

square_enix · Post by **square_enix** » Sun Apr 01, 2007 3:20 pm

As of right now,
We still have the virus in house. And continue to operate on a skeleton system.

Name of the Virus, I dont know that yet.

Lee · Post by **Lee** » Sun Apr 01, 2007 3:43 pm

Genlock is the WSAZ Police.

He notifies us of all the goings on of Randy Yohe and Adam Joseph.

Without Genlock's updates, we are not updated on Randy Yohe.

We would be lost without him.

Cameron · Post by **Cameron** » Sun Apr 01, 2007 3:45 pm

square_enix wrote:As of right now,
We still have the virus in house. And continue to operate on a skeleton system.

Name of the Virus, I dont know that yet.

It a virus that piggybacks on .ani animated cursor files - either via e-mail or embedded in webpages.

We're on holy-crap lock-down on our servers too.
Hopefully, there will be a patch this week.
Norton has the following:

ThreatCon Level is 2

The ThreatCon has been raised to level 2. A new, zero-day attack that exploits an unpatched vulnerability in the way Microsoft Windows handles Animated Cursor (ANI) files has been discovered in the wild. The malicious ANI files are most likely to be hosted on websites. When a victim visits a site, arbitrary code may run. Microsoft has confirmed the issue and is currently planning to issue a Security Update. An exploit code leveraging the vulnerability has been released publicly. Since the exploit works independently of the file extension, blocking ANI files would not mitigate the issue. A self propagating, worm-like variant of the exploit has also been reported, which propagates links to websites hosting malicious ANI files. It is being detected as W32.Fubalca by Symantec AntiVirus. Customers are advised to block the following domains which are known to host the exploit and keep their AntiVirus definitions up-to-date. 1.520sb.cn 220.71.76.189 222.73.220.45 55880.cn 81.177.26.26 85.255.113.4 bc0.cn count12.51yes.com count3.51yes.com d.77276.com fdghewrtewrtyrew.biz i5460.net jdnx.movie721.cn newasp.com.cn s103.cnzz.com s113.cnzz.com ttr.vod3369.cn uniq-soft.com wsfgfdgrtyhgfd.net 04080.com 33577.cn h3210.com hackings.cn koreacms.co.kr macrcmedia.com macrcmedia.net ncph.net xxx.cn 2007ip.com microfsot.com Microsoft Security Advisory (935423): Vulnerability in Windows Animated Cursor Handling (http://www.microsoft.com/technet/securi ... 35423.mspx

Dave Allen · Post by **Dave Allen** » Sun Apr 01, 2007 3:47 pm

BTW I think Adam Joesph is long gone from WSAZ. Speaking of WSAZ, Cameron, don't you have a picture to post for Nunley?

Cameron · Post by **Cameron** » Sun Apr 01, 2007 4:07 pm

Start adding these forbidden domains to your router's firewalls before the sales-geeks open their mail Monday:

1.520sb.cn
220.71.76.189
222.73.220.45
55880.cn
81.177.26.26
85.255.113.4
bc0.cn
count12.51yes.com
count3.51yes.com
d.77276.com
fdghewrtewrtyrew.biz
i5460.net
jdnx.movie721.cn
newasp.com.cn
s103.cnzz.com
s113.cnzz.com
ttr.vod3369.cn
uniq-soft.com
wsfgfdgrtyhgfd.net
04080.com
33577.cn
h3210.com
hackings.cn
koreacms.co.kr
macrcmedia.com
macrcmedia.net
ncph.net xxx.cn
2007ip.com
microfsot.com

Cameron · Post by **Cameron** » Sun Apr 01, 2007 4:40 pm

daveinthemorning wrote:BTW I think Adam Joesph is long gone from WSAZ. Speaking of WSAZ, Cameron, don't you have a picture to post for Nunley?

Whoops, almost forgot...

genlock · Post by **genlock** » Sun Apr 01, 2007 7:31 pm

WSAZ is the onliest one of the GRAY stations that mentions computer problems on a website. Which GRAY stations went off the air due to computer virus?

fearpeddler · Post by **fearpeddler** » Sun Apr 01, 2007 7:58 pm

so was it just gray stations that had a run-in with this bug..

square_enix · Post by **square_enix** » Sun Apr 01, 2007 9:22 pm

According to sources:
WOWK-TV also got it.

On Good News, SAZ's systems are slowly returning to an Online State.

"VIRUS WATCH 07" is hopefully over...

whatchamacallit · Post by **whatchamacallit** » Mon Apr 02, 2007 12:17 am

Not sure who your sources are but as fas as i am aware of no WV media stations have been hit with this virus... all IT and engineering staff at WV Media stations were notified as soon as word got out that WSAZ-TV got hit... and everyone took a very proactive stance in light of this situation.

It is unfortunate that many news outlets that use enps and other hardware/software combinations that are forced to use older operating systems that Microsoft does not release patches in a timely manner.

DosPrompt · Post by **DosPrompt** » Mon Apr 02, 2007 2:20 am

WOWK was NOT hit.. Just Rumor..
Cuz someone at WSAZ called them and told them what was going on..
Computer viruses Suck!

That 70's Employee · Post by **That 70's Employee** » Mon Apr 02, 2007 9:34 am

Computer Virus causes Havoc at WSAZ

A vulnerability in Microsoft Windows operating system apparently allowed a potent virus to penetrate the computer systems at WSAZ (West Virginia).

It happened early Saturday morning just before "NewsChannel 3 Sunrise" went on the air at 6am.

According to information technology (IT) professionals at WSAZ, it appears a "zero day attack" is the source of the problems, affecting the station's critical systems.

According to Wikipedia, a zero day attack is "a computer threat that exposes undisclosed or unpatched computer application vulnerabilities. Zero-day attacks can be considered extremely dangerous because they take advantage of computer security holes for which no solution is currently available."

The systems affected include the station's graphics, closed captioning, and many other computer applications that help bring a newscast to air. Despite these hurdles, WSAZ still aired newscasts as scheduled Saturday at 6am and 6pm, although the latter was shortened from 30 to 18 minutes.

The vulnerability was announced on Wednesday, March 28. According to Microsoft, a "hole" in certain versions of Microsoft Windows could allow an attacker to remotely run programs on some computers if the user accesses certain websites that contain malicious code.

Right now, Microsoft has not released a fix for the vulnerability in its software.

The same attack has also caused significant issues at other television stations owned by WSAZ's parent company, Gray Television. A computer security website reports that this system flaw has reached "highly severe" status.

Despite the system problems, WSAZ will continue to bring you up-to-date, live newscasts.

WVBROADCASTING.NET

WSAZ Apologizes.

WSAZ Apologizes.

Virus Story from FTV