Free Republic

New Virus hitting hard and furious!!!
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html ^ | 08/11/03 | self

Posted on 08/11/2003 2:33:46 PM PDT by STFrancis

All,

Here's a scoop for Freepers which is just now hitting us security pros.

There is a first vulnerability that uses the MS Bug that MS addressed with MS 03-026 two weeks ago.

It is calling itself MSBLAST.exe and is spreading in the wild unbelievably fast. http://isc.sans.org/diary.html?date=2003-08-11

A first advisory from McAfee has just been published: http://us.mcafee.com/virusInfo/defa...&virus_k=100547

Once it finds a vulnerable system, it will spawn a shell on port 4444 and use it to download the actual worm via tftp. The exploit itself is very close to 'dcom.c' and so far appears to use the "universal Win2k" offset only.

In other words we need to make sure port 4444 is blocked inbound AND outbound.

Of course this is in addition to the MS03-026 patch being installed which Microsoft released two weeks ago (more info regarding the patch here: http://www.microsoft.com/technet/tr...n/MS03-026.asp).

Another advisory was JUST posted by Symantec: http://www.symantec.com/avcenter/ve...aster.worm.html

Just thought everyone ought to know.

Thanks...


TOPICS: Breaking News; News/Current Events; Technical
KEYWORDS: blaster; computer; firewall; internet; macuserlist; microsoft; msblast; techindex; virus; vulnerability; worm
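The behaviour described in the post above (a shell on TCP port 4444, then a tftp download) can be looked for in firewall logs. The following is an added example, not part of the original post; the log format and addresses are constructed, and tftp is assumed to be on its standard UDP port 69.

```python
import re
from collections import defaultdict

# Constructed sample firewall log lines (format and addresses are invented).
SAMPLE_LOG = """\
2003-08-11T20:01:02 ALLOW TCP 192.0.2.10:1045 -> 10.0.0.5:135
2003-08-11T20:01:03 ALLOW TCP 192.0.2.10:1046 -> 10.0.0.5:4444
2003-08-11T20:01:04 ALLOW UDP 10.0.0.5:1030 -> 192.0.2.10:69
2003-08-11T20:02:10 ALLOW TCP 10.0.0.7:1100 -> 198.51.100.3:80
2003-08-11T20:03:00 DENY TCP 203.0.113.9:2200 -> 10.0.0.8:4444
2003-08-11T20:04:00 ALLOW UDP 10.0.0.9:1031 -> 198.51.100.20:69
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

SHELL_PORT = 4444  # from the post: the shell is spawned on port 4444
TFTP_PORT = 69     # assumption: tftp on its standard UDP port

def parse(log_text):
    """Yield one dict per log line that matches the constructed format."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def triage(log_text):
    """Return {(host_a, host_b): severity} for host pairs touching port 4444."""
    seen = defaultdict(set)
    for ev in parse(log_text):
        pair = tuple(sorted((ev["src"], ev["dst"])))  # direction-independent key
        dport = int(ev["dport"])
        if ev["proto"] == "TCP" and dport == SHELL_PORT:
            seen[pair].add("shell-allowed" if ev["action"] == "ALLOW" else "shell-blocked")
        elif ev["proto"] == "UDP" and dport == TFTP_PORT and ev["action"] == "ALLOW":
            seen[pair].add("tftp")
    findings = {}
    for pair, tags in seen.items():
        if {"shell-allowed", "tftp"} <= tags:
            findings[pair] = "likely-compromise"   # 4444 and tftp between same hosts
        elif "shell-allowed" in tags:
            findings[pair] = "investigate"         # 4444 got through, no tftp seen
        elif "shell-blocked" in tags:
            findings[pair] = "blocked-attempt"     # the port block did its job
    return findings
```

A tftp flow with no port 4444 traffic between the same two hosts is deliberately not reported, since tftp alone is not the pattern the post describes.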
To: Revel
I know a lot can go to 135, 137, 138 & 139, but I didn't know they can come to your own port 41170 and who knows what else. Maybe I better block that specifically just to be on the safe side.

And maybe I should get the ZoneAlarm firewall too.
141 posted on 08/11/2003 8:25:09 PM PDT by FairOpinion
[ Post Reply | Private Reply | To 137 | View Replies]

To: Hank Rearden
You're lucky you're among the 2% of people who struggle with those damn Barbie's First Computer things - nobody bothers to go after the 2-percenters.

Last time I checked, using Unix is far from Barbie's First computer - http://www.apple.com/macosx/jaguar/unix.html

If anything, you go defrag your HD, and fix your registry (WTF is that?!?!) because you have actually used your computer for a week.

I must admit, I am a little upset with Mac OS X because sometimes it makes you reboot after installing something (too Windows-like for me). With the old OS X Server (development environment before the public OS X release) I had a max uptime of 222 days (power outage ended the streak) of 60+ hour a week hard core developing. Try doing that with your Barbie OS.

142 posted on 08/11/2003 8:33:35 PM PDT by SengirV
[ Post Reply | Private Reply | To 111 | View Replies]

To: SengirV
#11 - Yeah, nobody sends you email anyway..right? ;)
143 posted on 08/11/2003 8:33:39 PM PDT by Verax
[ Post Reply | Private Reply | To 11 | View Replies]

To: Woahhs
Hey, it's my job, I have to have all these fine toys.
144 posted on 08/11/2003 8:40:13 PM PDT by savedbygrace
[ Post Reply | Private Reply | To 96 | View Replies]

To: kitkat
I can post pix with no problem if I get one off of, say, FR by opening the pic on a new window and copying and pasting the URL. Works just fine.

But, how do I save the URL when I want to store pictures on my OSX?

I use Camino as my primary browser (I'll give Safari a try when you can drag links onto the tabs). In Camino, if you right click on an image, you get a pulldown with "View Image". Using this option will display only the image with the appropriate URL in the same window.

145 posted on 08/11/2003 8:41:59 PM PDT by SengirV
[ Post Reply | Private Reply | To 54 | View Replies]

Comment #146 Removed by Moderator

To: Verax
#11 - Yeah, nobody sends you email anyway..right? ;)

You mean you have to worry about emails while using a PC? I'm afraid I do not understand the problem.

147 posted on 08/11/2003 8:45:14 PM PDT by SengirV
[ Post Reply | Private Reply | To 143 | View Replies]

To: Ernest_at_the_Beach
bump
148 posted on 08/11/2003 8:49:34 PM PDT by GOPJ
[ Post Reply | Private Reply | To 8 | View Replies]

To: Luke Skyfreeper
Port blocking varies from package to package, so you should check the documentation for the software that you use.
149 posted on 08/11/2003 9:01:29 PM PDT by Dimensio (Sometimes I doubt your commitment to Sparkle Motion!)
[ Post Reply | Private Reply | To 68 | View Replies]

To: Timesink
You can do that, but it's still an incredibly clunky workaround that comes nowhere close to matching the functionality that existed in OS 9 and earlier,

I don't recall that it was easier in OS 9.

when simply dragging the graphic to the desktop (or downloading most any file in any way) automatically caused the originating URL to be put in the Get Info box.

It was probably the application - not the operating system - that was setting the Get Info comment with the URL.

150 posted on 08/11/2003 9:01:45 PM PDT by HAL9000
[ Post Reply | Private Reply | To 117 | View Replies]

To: Timesink
*drool*

LOL..what is WRONG with us!!! I just got a FLYING new computer in March and I'm already looking around!

151 posted on 08/11/2003 9:08:40 PM PDT by Howlin (If we don't post, will he exist?)
[ Post Reply | Private Reply | To 89 | View Replies]

To: Danette
He's got it.

If you have Norton, you can remove it.

Actually you probably can anyhow.

It is MSBLAST.exe

When your machine starts, kill that process. Then update Norton definitions -- live update.

You'll have to reboot. Then kill the process again immediately.

Run Norton using the 8-11-03 updated definitions you just downloaded. It will find it.

Then use regedit to remove the call for it to start:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

In the right pane, delete the value:

"windows auto update"="msblast.exe"

From http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

If you have an antivirus program you could probably delete msblast.exe yourself in safe mode then do the regedit.

152 posted on 08/11/2003 9:09:28 PM PDT by tallhappy
[ Post Reply | Private Reply | To 71 | View Replies]
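The Run-key cleanup step in the post above can be checked by script before anyone opens regedit. This is an added example, not part of the original post or of Symantec's advisory; it parses text saved from `reg query` on the key named in the post, assumes the four-space-separated layout that current reg.exe prints, and the sample entries (including the renamed third one) are constructed.

```python
import ntpath
import re

# Constructed sample of `reg query` output for the Run key named in the post.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundTray    REG_SZ    "C:\Program Files\Audio\tray.exe" /startup
    windows auto update    REG_SZ    msblast.exe
    Backup Agent    REG_EXPAND_SZ    %SystemRoot%\system32\MSBLAST.EXE -q
"""

# Both indicators come from the post: the value name and the file name.
BAD_VALUE_NAME = "windows auto update"
BAD_IMAGE = "msblast.exe"

# Assumed layout: 4 spaces, value name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")

def image_name(command):
    """Extract the lower-cased executable file name from a Run command line."""
    command = command.strip()
    if command.startswith('"'):
        exe = command[1:].split('"', 1)[0]   # quoted path, may contain spaces
    else:
        exe = command.split(" ", 1)[0]       # unquoted: first token only
    return ntpath.basename(exe).lower()

def suspicious_run_values(reg_query_text):
    """Return [(value_name, data, reasons)] for entries matching either indicator."""
    hits = []
    for line in reg_query_text.splitlines():
        m = VALUE_RE.match(line)
        if not m:
            continue  # key header or blank line
        reasons = []
        if m["name"].strip().lower() == BAD_VALUE_NAME:
            reasons.append("value-name")
        if image_name(m["data"]) == BAD_IMAGE:
            reasons.append("image-name")
        if reasons:
            hits.append((m["name"], m["data"], reasons))
    return hits
```

Matching on the file name as well as the value name catches an entry whose name has been changed; an unquoted path containing spaces is only compared on its first token.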

To: Danette
Oh yes, and install the patch. This one

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

Above linked

153 posted on 08/11/2003 9:12:35 PM PDT by tallhappy
[ Post Reply | Private Reply | To 71 | View Replies]

To: Howlin
LOL..what is WRONG with us!!! I just got a FLYING new computer in March and I'm already looking around!

A G4 800MHz just doesn't compare to a G5 dual 2GHz. How soon our gadgets become obsolete...

154 posted on 08/11/2003 9:21:38 PM PDT by Timesink
[ Post Reply | Private Reply | To 151 | View Replies]

To: poorman
virus ping for your new project computer
155 posted on 08/11/2003 9:24:27 PM PDT by petuniasevan (Cat toys: Anything not nailed down, and some that are.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Timesink
Most women my age are looking for new drapes and furniture; I'm looking at RAM and gigs. *Sigh*
156 posted on 08/11/2003 9:32:53 PM PDT by Howlin (If we don't post, will he exist?)
[ Post Reply | Private Reply | To 154 | View Replies]

To: LibKill; STFrancis
LIBKILL WROTE: "Re: port 4444. UDP, TCP or other?"

What do UDP and TCP mean? What do they do?

I FREQUENTLY & unexpectedly get "TCP (Inbound)" attacks and sometimes get "UDP (Inbound)" attacks, with a "High Risk" warning...I'll just be sitting there reading something (not doing anything to trigger a popup screen). I have also gotten some ":bootpc (68) UDP" and ":bootps (67) UDP" attacks.

I've got nearly TWENTY-EIGHT (28) PAGES of line-by-line listings of attacks, citing date and time of when they happened, the IP Address involved and the type of attack (TCP/UDP). Who can I send them to to have something done about them? How can I know if any are "safe" when they show up?

I made the mistake of "permitting" one of the ":bootpc" attacks (it had MY IP address on it so I thought it was safe to permit). I LOST ALL CONTROL OVER MY COMPUTER AS ADMINISTRATOR (actually OWNER)! Norton Security was turned OFF and I---the owner, administrator, and bottlewasher---no longer had "authority" to turn MY OWN security software ON or remove it and reload it!!!!!

157 posted on 08/11/2003 9:43:41 PM PDT by Concerned
[ Post Reply | Private Reply | To 26 | View Replies]

To: STFrancis
If y'all would just keep your flux capacitors calibrated, ya wouldn't have ta worry about no virus nonsense!
158 posted on 08/11/2003 9:59:44 PM PDT by bluefish
[ Post Reply | Private Reply | To 1 | View Replies]

To: Knitebane
That's actually incorrect that MS has not released a patch for 4.0. (Updated a couple PDCs with that a week ago.) If you go to the technet link they have a patch for both 4.0 and 4.0 Terminal Services. The regular 4.0 version SHOULD work on 3.51 as well. HOWEVER, it should be tested pretty good in a test lab first.
159 posted on 08/11/2003 10:06:40 PM PDT by STFrancis
[ Post Reply | Private Reply | To 80 | View Replies]

To: STFrancis
I just upgraded to this nice Commodore 64.
I never had virus problems with my VIC-20. Should I be concerned?
160 posted on 08/11/2003 10:14:31 PM PDT by ASA Vet ("Those who know, don't talk. Those who talk, don't know." (I'm in the Sgt Schultz group))
[ Post Reply | Private Reply | To 1 | View Replies]

