New Virus hitting hard and furious!!!
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html | 08/11/03 | self
Posted on 08/11/2003 2:33:46 PM PDT by STFrancis
All,
Here's a scoop for Freepers which is just now hitting us security pros.
There is a first vulnerability that uses the MS Bug that MS addressed with MS 03-026 two weeks ago.
It is calling itself MSBLAST.exe and is spreading in the wild unbelievably fast. http://isc.sans.org/diary.html?date=2003-08-11
A first advisory from McAfee has just been published: http://us.mcafee.com/virusInfo/defa...&virus_k=100547 Once it finds a vulnerable system, it will spawn a shell on port 4444 and use it to download the actual worm via tftp. The exploit itself is very close to 'dcom.c' and so far appears to use the "universal Win2k" offset only.
In other words we need to make sure port 4444 is blocked inbound AND outbound.
Of course this is in addition to the MS03-026 patch being installed which Microsoft released two weeks ago (more info regarding the patch here: http://www.microsoft.com/technet/tr...n/MS03-026.asp).
Another advisory was JUST posted by Symantec: http://www.symantec.com/avcenter/ve...aster.worm.html
Just thought everyone ought to know.
Thanks...
TOPICS: Breaking News; News/Current Events; Technical
KEYWORDS: blaster; computer; firewall; internet; macuserlist; microsoft; msblast; techindex; virus; vulnerability; worm
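The sequence described in the opening post (a shell accepted on port 4444, then a TFTP download) can be looked for in firewall logs. This is an added example, not part of the original thread; the log format, the addresses and the 60-second correlation window are constructed assumptions, and UDP 69 is the standard TFTP port.

```python
import re
from datetime import datetime, timedelta

# Constructed firewall log lines (format is an assumption, not from any product).
SAMPLE_LOG = """\
2003-08-11T14:01:02 ALLOW TCP 198.51.100.7:3312 -> 10.0.0.21:4444
2003-08-11T14:01:05 ALLOW UDP 10.0.0.21:1039 -> 198.51.100.7:69
2003-08-11T14:03:00 DENY TCP 198.51.100.7:3320 -> 10.0.0.22:4444
2003-08-11T14:03:04 ALLOW UDP 10.0.0.22:1040 -> 192.0.2.50:69
2003-08-11T14:09:00 ALLOW TCP 198.51.100.8:4100 -> 10.0.0.23:4444
2003-08-11T14:20:00 ALLOW UDP 10.0.0.23:1041 -> 198.51.100.8:69
"""

LINE = re.compile(
    r"(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%S")
            rec["dport"] = int(rec["dport"])
            yield rec

def find_infection_pattern(log_text, window=timedelta(seconds=60)):
    """Hosts that accepted TCP/4444 and then sent TFTP to the same peer."""
    shells, hits = {}, set()  # shells: (host, peer) -> time TCP/4444 was allowed
    for r in sorted(parse(log_text), key=lambda r: r["ts"]):
        if r["action"] != "ALLOW":
            continue  # a blocked connection never reached the host
        if r["proto"] == "TCP" and r["dport"] == 4444:
            shells[(r["dst"], r["src"])] = r["ts"]
        elif r["proto"] == "UDP" and r["dport"] == 69:
            opened = shells.get((r["src"], r["dst"]))
            if opened is not None and r["ts"] - opened <= window:
                hits.add(r["src"])
    return sorted(hits)

def blocked_4444_targets(log_text):
    """Hosts probed on TCP/4444 where the firewall rule denied the connection."""
    return sorted({r["dst"] for r in parse(log_text) if r["action"] == "DENY"
                   and r["proto"] == "TCP" and r["dport"] == 4444})

if __name__ == "__main__":
    print(find_infection_pattern(SAMPLE_LOG), blocked_4444_targets(SAMPLE_LOG))
```

A host in the first list should be treated as compromised and cleaned; a host in the second list was protected by the port 4444 block but still needs the MS03-026 patch.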
To: =Intervention=
I have XP and ZoneAlarm. No probs.
To: MrsEmmaPeel
And MrsEmmaPeel keeps making unsupported statements...yawn...nothing new to see here.
222 posted on 08/12/2003 8:38:31 AM PDT by =Intervention= (White devils for Sharpton Central Florida chapter)
To: jeffsher
Thank you so much. I know that this will help much. My wife is gonna kill me if I don't get our home pc up and running. We just got it two weeks ago and this virus struck last night.
223 posted on 08/12/2003 8:40:34 AM PDT by AxelPaulsenJr (Ozzy Osborne says that pot leads to harder drugs.)
To: Timesink
IIRC, this exploit affects all versions of Windows dating back to Win95, except for Windows Millennium. I think they got it right this time, unless I'm thinking of one of the other dozens of remote exploits for Microsoft OSes.
I looked again. It may be that the exploit itself doesn't affect the various releases of Win95 and Win98, though the RPC vulnerability in question wasn't exactly made clear by Microsoft. I'm wondering why they would specify Windows Millennium but not mention Win98 SE.
224 posted on 08/12/2003 8:50:53 AM PDT by cashion
To: STFrancis
ZoneAlarm is not the only way to go. Netgear makes a great firewall/router for under $90, print server included.
I have three home computers and a printer hooked to one. All the security test sites say I am invisible. Quoting from their propaganda:
This true firewall is broadband-capable, and provides you with the utmost in business class security Denial of Service (DoS) protection and Intrusion Detection using Stateful Packet Inspection (SPI), URL access and content filtering, logging, reporting, and real-time alerts. VPN pass-through maximizes network security with access control and encryption. And a built-in print server removes the bottleneck of a dedicated PC print server and supports multiple print jobs simultaneously.
The really neat thing is I can swap computers, hook up the kid's when they're home from college, all without worrying about software.
225 posted on 08/12/2003 8:54:44 AM PDT by js1138
To: livius; Danette
I've been struggling with the same problem for 2 days, finally figured it out last night and tried to download the patch repeatedly. I finally was able to save the patch and get it into place and now my system is running beautifully again.
Thanks for everyone's advice and expertise on this thread, my problem was solved but it really helps to understand what was happening :-)
226 posted on 08/12/2003 8:55:09 AM PDT by Tamzee (I was a vegetarian until I started leaning toward the sunlight...... Rita Rudner)
To: All
This means that people with knowledge about this hole have been able to spy on you since Windows 2000 and Windows XP were released.
For some reason the Canadian that exposed the hole 3 weeks ago preferred to remain anonymous ...
To: =Intervention=
Of course Apple doesn't know UNIX -- they just make an OS that uses it...hmm. Your hyperbole and bias is showing. I was developer of Apple since 1989. Finally gave up when Apple ceased making any improvements. Apple had the potential for being a really, really great system. The basis of Mac OS X, is really Mach, and Apple needs to capitalize on that, but they never did. Mach allowed for concurrent OSs - the limitation is just the hardware. In the early Apple Mac OS X beta, Mac OS 9 was in a separate window. Apple decided to scrub that - never understood why. But is theoretically possible to have multiple concurrent OSs on an Apple machine - Dos - Windows - X, BSD, OS 9 etc .. Apple never followed through. Also, Apple never followed through on important security issues. The problem with most Mac people just don't want to take the time to learn UNIX, so they remain ignorant as to the vulnerabilities of their system.
Whether you believe me or not, I don't care. Whether you believe that UNIX has vulnerabilities, I don't care.
I think this ostrich syndrome is probably why Apple is only at 3% of the market, and Linux is overtaking Apple in many areas. (Law of unintended consequences: Linux was born to take on Windows, and so many of the smaller companies and competitors have been outpaced by Linux.)
I'm not a fan of any system - just a realist. And when a Mac person tries to claim that they are immune, I just laugh.
To: eyespysomething
Hey eyespy....
I'm a bit surprised at .45MAN's company. I called our head techie at my company who said that we got the Sophos update for that particular worm this week. .45MAN's company is a high-tech firm that does a lot of government work.
He just left me a message and said they have to go computer to computer to fix it.
"Eek what a mess" is right!
229 posted on 08/12/2003 9:07:47 AM PDT by dansangel (America - Love it, Support it or LEAVE it!)
To: STFrancis
bump
230 posted on 08/12/2003 9:21:45 AM PDT by GOPJ
To: jeffsher
Jeff, about that fixblast.exe fix from Symantec, do you have to have the virus software to run that thing???
231 posted on 08/12/2003 9:29:07 AM PDT by Howlin (If we don't post, will he exist?)
To: STFrancis
day bump
232 posted on 08/12/2003 9:32:22 AM PDT by GOPJ
To: Howlin
Symantec offers a bunch of targeted virus fixers for free. Most will run from DOS mode in case your machine is too hosed to boot Windows. The only catch is you have to know the name of the virus and be able to download the fix.
They saved my butt from klez a few months ago.
233 posted on 08/12/2003 9:35:35 AM PDT by js1138
To: SengirV
OH MY GOD!!!!!!! Another virus!!!! What do I do?!?!?!?!? Oh wait, I have a Mac. Nevermind.
Yeah lucky you Apple's market share is too small for anyone to bother. ;-0
234 posted on 08/12/2003 10:04:59 AM PDT by Kozak (" No mans life liberty or property is safe when the legislature is in session." Mark Twain)
To: Howlin
It appears that this is a "stand alone" and you do not need NAV to run it. Check here: http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
I will say that they are correct in urging you to stop "system restore" before removing this. I had a virus the other day (first in a long time) that I tried to delete using NAV, but couldn't because of system restore. Once I disabled system restore and booted into safe mode, I was able to get rid of it. Good luck!
To: LynnHam
Home use, thanks.
To: Brian S
Useful info, thanks.
To: jeffsher
My niece has this worm on her Compaq laptop. She has downloaded the security patch, disabled the system restore, run the fixblast.exe (which said the program was terminated), enabled system restore and then rebooted.
When she did a search, she STILL has MSblast.exe (2 of them, in fact, one modified at 12:15 PM EST) on her hard drive.......any ideas????
238 posted on 08/12/2003 10:16:19 AM PDT by Howlin (If we don't post, will he exist?)
To: MrsEmmaPeel
I'm surprised at the number of darts thrown at you over your posts on this subject. I have consulted many times with Fortune 500 companies for a leading information security company, and can only agree with you 100%. Anybody who thinks OS X, Unix, Windows, or any other OS is basically safe out of the box is naive.
Regards.
239 posted on 08/12/2003 10:21:33 AM PDT by Ted
To: STFrancis
The patch is for Windows NT 4.0 Server and Windows NT 4.0 Terminal Services.
There is not an explicitly issued patch for Windows NT 4.0 Workstation or for Small Business Server, both of which are vulnerable but not listed as being so. They haven't been listed because they are no longer supported. One must be very careful about reading Microsoft's tech bulletins.
It is my understanding that the NT 4.0 Server patch will work on 4.0 Workstation. I have heard this from people whom I believe to be competent, but I haven't seen it with my own eyes. I haven't heard anything at all about SBS.