Free Republic

New Virus hitting hard and furious!!!
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html ^ | 08/11/03 | self

Posted on 08/11/2003 2:33:46 PM PDT by STFrancis

All,

Here's a scoop for Freepers which is just now hitting us security pros.

There is a first vulnerability that uses the MS Bug that MS addressed with MS03-026 two weeks ago.

It is calling itself MSBLAST.exe and is spreading in the wild unbelievably fast. http://isc.sans.org/diary.html?date=2003-08-11

A first advisory from McAfee has just been published: http://us.mcafee.com/virusInfo/defa...&virus_k=100547

Once it finds a vulnerable system, it will spawn a shell on port 4444 and use it to download the actual worm via tftp. The exploit itself is very close to 'dcom.c' and so far appears to use the "universal Win2k" offset only.

In other words we need to make sure port 4444 is blocked inbound AND outbound.

Of course this is in addition to the MS03-026 patch being installed, which Microsoft released two weeks ago (more info regarding the patch here: http://www.microsoft.com/technet/tr...n/MS03-026.asp).

Another advisory was JUST posted by Symantec: http://www.symantec.com/avcenter/ve...aster.worm.html

Just thought everyone ought to know.

Thanks...


TOPICS: Breaking News; News/Current Events; Technical
KEYWORDS: blaster; computer; firewall; internet; macuserlist; microsoft; msblast; techindex; virus; vulnerability; worm
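
The shell-on-4444-then-tftp sequence described in the post above can be looked for in firewall logs. The following is an added example, not part of the original post; the log line format, the sample lines and the function names are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed firewall log lines (not real captures); the line format is assumed.
SAMPLE_LOG = """\
2003-08-11T21:40:02 ALLOW TCP 10.0.0.7:1044 -> 10.0.0.23:4444
2003-08-11T21:40:03 ALLOW UDP 10.0.0.23:1029 -> 10.0.0.7:69
2003-08-11T21:41:10 ALLOW TCP 10.0.0.31:1100 -> 192.0.2.80:80
2003-08-11T21:42:15 DENY TCP 198.51.100.9:2201 -> 10.0.0.40:4444
2003-08-11T21:43:00 ALLOW UDP 10.0.0.50:1030 -> 10.0.0.60:69
not a log line
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def parse(log_text):
    """Yield one record per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["dport"] = int(rec["dport"])
            yield rec

def triage(log_text):
    """Map host -> status using the pattern in the post.

    likely-infected:    allowed TCP/4444 in, then allowed tftp (UDP/69) back to that peer
    shell-port-reached: allowed TCP/4444 in, no tftp seen yet
    blocked-attempt:    TCP/4444 toward the host was denied
    """
    shell_peers = defaultdict(set)  # host -> peers that reached its port 4444
    status = {}
    for r in parse(log_text):
        if r["proto"] == "TCP" and r["dport"] == 4444:
            if r["action"] == "DENY":
                status.setdefault(r["dst"], "blocked-attempt")
            else:
                shell_peers[r["dst"]].add(r["src"])
                if status.get(r["dst"]) != "likely-infected":
                    status[r["dst"]] = "shell-port-reached"
        elif (r["proto"] == "UDP" and r["dport"] == 69 and r["action"] == "ALLOW"
              and r["dst"] in shell_peers.get(r["src"], ())):
            status[r["src"]] = "likely-infected"
    return status

if __name__ == "__main__":
    for host, state in sorted(triage(SAMPLE_LOG).items()):
        print(host, state)
```

A tftp request on its own (the last sample line) is not flagged; only tftp going back to a peer that had just reached the host's port 4444 is.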
To: bellas_sister
(I love a man in a uniform)

I'll go get my spiderman uniform.... ;^)

241 posted on 08/12/2003 10:45:23 AM PDT by null and void
[ Post Reply | Private Reply | To 215 | View Replies]

To: zeugma
Why not download a copy of RedHat, Mandrake, Debian, or SUSE Linux and install it instead of windows.

I've been Windows-free for nearly 4 years. All of my servers run FreeBSD, my security devices run OpenBSD and my desktops run RedHat Linux.

I'm only commenting on this subject because I'm a security engineer by profession and I tend to have accurate and timely information on these subjects near to hand.

242 posted on 08/12/2003 10:48:14 AM PDT by Knitebane
[ Post Reply | Private Reply | To 194 | View Replies]

To: Timesink
Aren't something like 30% of PC owners still running Win98? This sort of piss-poor journalism can cause these people a lot of grief as they run around looking for patches to their systems that are not needed and, indeed, do not exist.

Far be it from me to stick up for presstitutes, but I have to give them a pass on this one.

Microsoft issued a press release that was rather vague about what versions were affected. It took some digging to get to the truth.

243 posted on 08/12/2003 10:51:57 AM PDT by Knitebane
[ Post Reply | Private Reply | To 91 | View Replies]

To: Kozak
Yeah lucky you Apple's market share is too small for anyone to bother. ;-0

Is it Apple's market share, or the fact that Windows is so insecure that any script kiddy can write a virus to take Windows down?

244 posted on 08/12/2003 10:55:27 AM PDT by SengirV
[ Post Reply | Private Reply | To 234 | View Replies]

To: Ted
Anybody who thinks OS X, Unix, Windows, or any other OS is basically safe out of the box is naive.

Thus spaketh he who knows not.

I would have no problem dropping a fresh OpenBSD, Trusted Solaris or OSF/1 box onto the raw Internet.

Any of them would be impervious to the typical traffic on the Internet.

Just because Windows is a rickety, rat-infested tenement building doesn't mean that's the way that everyone lives.

245 posted on 08/12/2003 10:57:19 AM PDT by Knitebane
[ Post Reply | Private Reply | To 239 | View Replies]

To: SengirV
Face it, it's Apple's market share.
246 posted on 08/12/2003 11:03:40 AM PDT by Kozak (" No mans life liberty or property is safe when the legislature is in session." Mark Twain)
[ Post Reply | Private Reply | To 244 | View Replies]

To: All
I suppose it's fun to trash those of us who are infested with this thing. But I have to say, it's quite frustrating to those of us who are frantically searching for directions on how to download 3 hours worth of patches in less than 10 minutes, to read all this nit picking.

And if anyone knows how to accomplish the task I just mentioned, please post to me, and I'll be back in after the computer reboots.

I cannot get the patches to install. The computer won't let me. We've located the virus, but the computer won't let us quarantine it. Any solutions out there?

it's closing down, sorry for typso not time to correct
247 posted on 08/12/2003 11:12:22 AM PDT by Iowa Granny
[ Post Reply | Private Reply | To 246 | View Replies]

To: Iowa Granny
Try post #17 and print it out.

If you can't get the download in one fell swoop before your computer shuts down, bookmark the page and go right back to it and continue downloading until you get it all.

You can also try these sites for the downloads, but you have to put the patch on first.

Network Associates:

http://vil.nai.com/vil/content/v-100547.htm

Symantec:

http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

Microsoft warning: http://www.microsoft.com/security/security-bulletins/ms03-026.asp

248 posted on 08/12/2003 11:27:47 AM PDT by eyespysomething (You've a loose screw. Can I tighten that for you?)
[ Post Reply | Private Reply | To 247 | View Replies]

To: Knitebane
I've been Windows-free for nearly 4 years. All of my servers run FreeBSD, my security devices run OpenBSD and my desktops run RedHat Linux.

SCO has an invoice for you.

249 posted on 08/12/2003 11:30:26 AM PDT by Lazamataz (PROUDLY POSTING WITHOUT READING THE ARTICLE SINCE 1999!)
[ Post Reply | Private Reply | To 242 | View Replies]

To: Iowa Granny
I'm sorry to hear of your troubles. I worked in hi-tech for twenty-three years, and I've used every platform you could imagine. I also used Winblows machines for about ten years. I now use only Apple computers, and instead of worrying about the latest bug/virus/update/problem/crash/config error/hangup/hiccup/freeze/crash/etc.etc.etc I just get a lot of work done.

My heartfelt advice to you is to get a Mac.
250 posted on 08/12/2003 11:31:23 AM PDT by Elliott Jackalope (Formerly Billy_bob_bob)
[ Post Reply | Private Reply | To 247 | View Replies]

To: Iowa Granny
I had the same problem, the puter kept shutting down before I could d/l the whole patch... eventually I did get it to work, though.

Livius in post 78 did spell out a way to prevent the computer from shutting down, this may help you!




Here's what to do: (I got this from a poster named Antigrok at a site called the Tech Support Guy, a great site)

Run services.msc
In the right hand list, right click on "remote procedure call" and select "properties."
Click on the "recovery" tab.
Change first, second and subsequent failures to "Take No Action."
Click Apply, then OK.

Now you can download the security patch, which is available here:

http://microsoft.com/downloads/details.aspx?FamilyId=2354406C-C5B6-44AC-9532-3DE40F69C074&displaylang=en

Install it (it may take awhile), and then reboot.

Don't forget to go back to services.msc and change the settings to "Reboot the Computer."

251 posted on 08/12/2003 11:32:52 AM PDT by Tamzee (I was a vegetarian until I started leaning toward the sunlight...... Rita Rudner)
[ Post Reply | Private Reply | To 247 | View Replies]

To: Iowa Granny
Open a command prompt. In Windows 2000, it's in Start/Accessories. Then issue this command

shutdown /a

Do this every time your system starts the countdown to shutdown. It will cancel the shutdown.
252 posted on 08/12/2003 11:33:58 AM PDT by AppyPappy (If You're Not A Part Of The Solution, There's Good Money To Be Made In Prolonging The Problem.)
[ Post Reply | Private Reply | To 247 | View Replies]

To: Iowa Granny
Another method. When you get a Shutdown countdown, change your system clock back a year. That gives you a year before the computer shuts down.
253 posted on 08/12/2003 11:36:27 AM PDT by AppyPappy (If You're Not A Part Of The Solution, There's Good Money To Be Made In Prolonging The Problem.)
[ Post Reply | Private Reply | To 247 | View Replies]

To: Elliott Gigantalope
Elliott Gigantalope

Congressman BillyBob, I didn't know you were in hi-tech!

Everyone, meet the new screen name of Congressman BillyBob.

254 posted on 08/12/2003 11:37:45 AM PDT by Lazamataz (PROUDLY POSTING WITHOUT READING THE ARTICLE SINCE 1999!)
[ Post Reply | Private Reply | To 250 | View Replies]

To: Nettie
You're not picked on because you're (MAC) an insignificant target. How many PCs in the world vs Macs?
255 posted on 08/12/2003 11:38:33 AM PDT by GigaDittos (I can hear the distant whine about wine in France.)
[ Post Reply | Private Reply | To 35 | View Replies]

To: AppyPappy
Wow... I wish I had talked to you prior to wasting hours on useless download attempts LOL

Thanks for helping us more software challenged folks :-)
256 posted on 08/12/2003 11:38:47 AM PDT by Tamzee (I was a vegetarian until I started leaning toward the sunlight...... Rita Rudner)
[ Post Reply | Private Reply | To 252 | View Replies]

To: Lazamataz
Let me guess. You used to get beat up a lot in school?
257 posted on 08/12/2003 11:39:26 AM PDT by Elliott Jackalope (Formerly Billy_bob_bob)
[ Post Reply | Private Reply | To 254 | View Replies]

To: AppyPappy
Wow, what good advice! I got this virus on one of my computers (the one not behind a firewall) and a magnificent person on FR helped me out before there were updates on the virus.
258 posted on 08/12/2003 11:44:05 AM PDT by diotima (So it's sorta social, demented and sad, but social.)
[ Post Reply | Private Reply | To 253 | View Replies]

Comment #259 Removed by Moderator

To: Iowa Granny
I suppose it's fun to trash those of us who are infested with this thing. But I have to say, it's quite frustrating to those of us who are frantically searching for directions on how to download 3 hours worth of patches in less than 10 minutes, to read all this nit picking.

Amen to that, Granny. Try #17 and 78. I think I managed to kill the thing by following those instructions.

260 posted on 08/12/2003 11:58:59 AM PDT by Nita Nupress
[ Post Reply | Private Reply | To 247 | View Replies]

