New Virus hitting hard and furious!!!
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html ^
| 08/11/03
| self
Posted on 08/11/2003 2:33:46 PM PDT by STFrancis
All,
Here's a scoop for Freepers which is just now hitting us security pros.
There is a first vulnerability that uses the MS Bug that MS addressed with MS 03-026 two weeks ago.
It is calling itself MSBLAST.exe and is spreading in the wild unbelievably fast. http://isc.sans.org/diary.html?date=2003-08-11
A first advisory from McAfee has just been published: http://us.mcafee.com/virusInfo/defa...&virus_k=100547
Once it finds a vulnerable system, it will spawn a shell on port 4444 and use it to download the actual worm via tftp. The exploit itself is very close to 'dcom.c' and so far appears to use the "universal Win2k" offset only.
In other words we need to make sure port 4444 is blocked inbound AND outbound.
Of course this is in addition to the MS03-026 patch being installed which Microsoft released two weeks ago (more info regarding the patch here: http://www.microsoft.com/technet/tr...n/MS03-026.asp).
Another advisory was JUST posted by Symantec: http://www.symantec.com/avcenter/ve...aster.worm.html
Just thought everyone ought to know.
Thanks...
TOPICS: Breaking News; News/Current Events; Technical
KEYWORDS: blaster; computer; firewall; internet; macuserlist; microsoft; msblast; techindex; virus; vulnerability; worm
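The infection sequence the original post describes (a shell on port 4444, then a tftp download) can be turned into a log check. This is an added example, not part of the thread: the log format, addresses and 60-second window are constructed assumptions, and the log is assumed to be in chronological order.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

SHELL_PORT = 4444   # TCP port the post says the exploit's shell listens on
TFTP_PORT = 69      # standard TFTP port (UDP)

# Constructed firewall log lines in a hypothetical format (not from the post).
SAMPLE_LOG = """\
2003-08-11T14:01:03 ALLOW TCP 203.0.113.7:3122 -> 10.0.0.15:4444
2003-08-11T14:01:05 ALLOW UDP 10.0.0.15:1029 -> 203.0.113.7:69
2003-08-11T14:02:10 ALLOW TCP 10.0.0.22:1040 -> 198.51.100.9:80
2003-08-11T14:03:00 DENY TCP 203.0.113.7:3200 -> 10.0.0.30:4444
2003-08-11T14:04:00 ALLOW UDP 10.0.0.40:1030 -> 192.0.2.50:69
"""

LINE = re.compile(
    r"(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)")

def find_shell_then_tftp(log_text, window=timedelta(seconds=60)):
    """Flag hosts that accepted a TCP/4444 connection and then sent a
    TFTP request back to the same peer within `window`."""
    shells = defaultdict(list)  # (victim, peer) -> times a 4444 connection was allowed
    findings = {"infected": [], "blocked": []}
    for line in log_text.splitlines():
        m = LINE.fullmatch(line.strip())
        if not m:
            continue  # ignore lines that are not in the assumed format
        ts = datetime.fromisoformat(m["ts"])
        src, dst, dport = m["src"], m["dst"], int(m["dport"])
        if m["proto"] == "TCP" and dport == SHELL_PORT:
            if m["action"] == "ALLOW":
                shells[(dst, src)].append(ts)
            else:
                findings["blocked"].append((dst, src))  # port block worked
        elif m["proto"] == "UDP" and dport == TFTP_PORT and m["action"] == "ALLOW":
            # Outbound TFTP alone is not enough; require the earlier shell.
            earlier = shells.get((src, dst), [])
            if any(timedelta(0) <= ts - t <= window for t in earlier):
                findings["infected"].append((src, dst))
    return findings

if __name__ == "__main__":
    for kind, pairs in find_shell_then_tftp(SAMPLE_LOG).items():
        print(kind, pairs)
```

Each tuple is (internal host, remote peer); hosts under "infected" are the ones to pull off the network and clean, while "blocked" shows where the port 4444 filter did its job.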
To: expatguy
Well, it's not a virus... But the sheeple won't understand any other terminology...
To: Dimensio
Port blocking varies from package to package, so you should check the documentation for the software that you use.
Cool. Figured it out, thanks.
To: Ramius
Totally agree... There are lots of people doing lots of things and when you actually start watching ZoneAlarm too closely you COULD get paranoid...
To: Ramius
This one would have been somewhat nastier, methinks, if the writer hadn't been so arrogant as to make his presence so clearly known on an infected machine. From what I understand so far, this malware propagates on its own to any machine with the unpatched vulnerability. The user could be infected without ever knowing that they had gotten it, except that the writer intentionally makes the system barf and reboot over and over.
What if it was NOT meant to hurt anything..??? But just a grey-hat wanting to get people's attention to this *serious* windows flaw? This way everyone HAS to get their systems patched. Basically he is offering a stick instead of the carrot. Don't agree with the method being used but that's what my hunch is on this. Anyone smart enough to write an exploit for this NEW vuln should know how to code their way out of a paper sack....
To: Ramius
In my world though, I hide everything behind really good firewalls (I dig PIX) and get pretty jealous of what I let through. I also strip off any executables (among others) from e-mail messages. I have for years. It's saved me a lot of grief waiting for AV providers to update files when a new pattern needs to be released.
That's a good start. However, if you are running any serious network you should know that 80% of the hacks are coming from the inside... The fortress/moat model is outdated... You need to treat every server like a bastion. Not just the system in the DMZ etc... Even though you are safer than prolly 80%+ out there..
To: livius
Thank you. I have a slow dial up and the virus kept shutting down my computer before I could even read the helpful posts (the others were so frustrating because I had to read fast.) It shuts down in one minute.
How does one get this virus?
Thanks again,
LL
To: avenir
Go and follow the instructions from Symantec. Make sure you clean your registry etc..
To: ASA Vet
I just upgraded to this nice Commodore 64. I never had virus problems with my VIC-20. Should I be concerned?
No.
Your TCP/IP stack, in optimized 6510 Assembly, still takes 38,511 of the 38,711 bytes available on your machine after the OS is loaded.
This worm can't get it up in 200 bytes.
Relax.
168 posted on 08/11/2003 10:31:43 PM PDT by umbagi (**** TAGLINE VIRUS L32.FR4x **** STEAL ME, DONATE SAVED TIME TO GOOD GUYS ****)
To: STFrancis
I've been telling everyone to get a Mac. Macs don't get viruses as most viruses are .exe files... .exe files can't run on Macs.
To: umbagi
Thank you. I really was concerned and considered going back to the VIC.
I do like this hugh RAM available on the 64 though.
That's some series computing power.
170 posted on 08/11/2003 10:35:55 PM PDT by ASA Vet ("Those who know, don't talk. Those who talk, don't know." (I'm in the Sgt Schultz group))
To: Lighthouse Lady
How does one get this virus?
By using a Microsoft Windows operating system.
171 posted on 08/11/2003 10:37:08 PM PDT by HAL9000
To: ASA Vet
That's some series computing power.
Simple enough for dumbies, too.
172 posted on 08/11/2003 10:42:32 PM PDT by umbagi (**** TAGLINE VIRUS L32.FR4x **** STEAL ME, DONATE SAVED TIME TO GOOD GUYS ****)
To: amigatec
There is an easier way. Download a copy of your favorite Linux distro, burn to cd, put cd in drive, push the reset button on front of computer, follow instructions on screen. In about 10 minutes you will have a virus free system.
While I get quite sick over the win vs. lin/unix debate the statement above is so stupid it's almost DANGEROUS. There are so many viruses/exploits for unix out that are released every day it's not even funny. While I like both OS systems (they both have their place) crowing like this is just plain stupid. Hope you got this one fixed: http://www.securityfocus.com/bid/8315
There is a reason some Win Security guys out there drive around with the Bumper Sticker:
"My next workstation is YOUR linux box".
ANY operating system is inherently insecure unless it does B3 out of the box. Which according to reports Longhorn is supposed to do. Can't wait to see a finished version of it and hope *pray* MS doesn't screw it up. And IF (that's a caps IF there) they do it right Unix is going to have a HUGE challenge.
And unlike popular belief MS is doing a 180 when it comes to security and they have made GREAT progress. Am actually astounded at some of their initiatives and outreach to the community. They still have a long way to go though...
And to the Mac guys out there... You know who one of the biggest Mac shareholders is, right..??? and who bailed Mac out when they almost became toast???
Sorry for jumping on my soap box for a sec... But I just hate arguing over OS'es... they ALL have their time and place..
To: ASA Vet
Those were the times.... I miss my blazing WAY COOL but hugely EXPENSIVE 1541.... And the output of my MP803 is just simply AMAZING....
(I actually have an emulator running the C-64 stuff and two actual units in the attic... )
To: STFrancis
Learned Ones:
I had this "virus" happen today (Monday), but got through it like everyone else with the patch. Now, when I finally got into my e-mail, I found a ton of "returned" messages purporting to be from me (never sent them, don't know the recipients).
These messages purport to be from my system's "mail administrator", but who knows. I've had some of these before, but never a whole bunch like this. Is this a weird other virus that seizes one's address book and sends out mail? Or just SPAM of some sort that pretends to be returned mail?
Any info would help, thanks!
175 posted on 08/11/2003 10:53:55 PM PDT by Mjaye
To: STFrancis
Just to add a couple for the Apple folks that think they are completely immune (as Apple would like for them to think):
http://www.securityfocus.com/bid/8266
http://www.securityfocus.com/bid/8293
http://www.securityfocus.com/bid/6884
To: Mjaye
Without more info I would like to think that this is another form of virus/worm at work here. Download and install the latest version of McAfee or Symantec etc.. Load the latest definition and see what you come up with.
Also, give ad-aware at www.lavasoftusa.com (Ping to the Germans) and spybot a shot.
Hope that helps...
To: umbagi
The fact that you knew that off the top of your head (or off the top of a quick google), boggles the mind.
You out-nerd me. ;)
178 posted on 08/11/2003 11:05:56 PM PDT by Quick1
To: STFrancis
Thanks! I did download Norton's latest updates earlier today and did a complete virus scan after I patched up the Microsoft .exe problem. Nothing was detected, nothing quarantined. This "returned mail" thing really bugs me, I hope to heck nothing weird is going out to anyone in my address book in my name.
I correspond with bosses from home and would NOT want them to receive weird mail allegedly from me. So far, none of these returned items were to anyone I ever heard of.
179 posted on 08/11/2003 11:08:43 PM PDT by Mjaye
To: kitkat
Double that number in my house. BTW, do you find Macs to be an improvement?