Free Republic

New Virus hitting hard and furious!!!
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html ^ | 08/11/03 | self

Posted on 08/11/2003 2:33:46 PM PDT by STFrancis

All,

Here's a scoop for Freepers which is just now hitting us security pros.

There is a first vulnerability that uses the MS Bug that MS addressed with MS 03-026 two weeks ago.

It is calling itself MSBLAST.exe and is spreading in the wild unbelievably fast. http://isc.sans.org/diary.html?date=2003-08-11

A first advisory from McAfee has just been published: http://us.mcafee.com/virusInfo/defa...&virus_k=100547

Once it finds a vulnerable system, it will spawn a shell on port 4444 and use it to download the actual worm via tftp. The exploit itself is very close to 'dcom.c' and so far appears to use the "universal Win2k" offset only.

In other words we need to make sure port 4444 is blocked inbound AND outbound.

Of course this is in addition to the MS03-026 patch being installed which Microsoft released two weeks ago (more info regarding the patch here: http://www.microsoft.com/technet/tr...n/MS03-026.asp).

Another advisory was JUST posted by Symantec: http://www.symantec.com/avcenter/ve...aster.worm.html

Just thought everyone ought to know.

Thanks...


TOPICS: Breaking News; News/Current Events; Technical
KEYWORDS: blaster; computer; firewall; internet; macuserlist; microsoft; msblast; techindex; virus; vulnerability; worm
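The infection sequence described in the post above (a shell on port 4444, then a tftp download of the worm), turned into a firewall-log check as an added example that is not part of the original post. The log format, sample lines and function name are constructed for illustration, and the log is assumed to be in time order.

```python
import re

# Constructed sample firewall log (hypothetical format, documentation addresses).
SAMPLE_LOG = """\
2003-08-11T14:01:02 ALLOW TCP 192.0.2.10:1034 -> 192.0.2.20:4444
2003-08-11T14:01:03 ALLOW UDP 192.0.2.20:1051 -> 192.0.2.10:69
2003-08-11T14:02:10 DENY TCP 198.51.100.7:2201 -> 192.0.2.30:4444
2003-08-11T14:03:00 ALLOW TCP 192.0.2.40:1100 -> 192.0.2.50:80
2003-08-11T14:04:00 ALLOW UDP 192.0.2.60:1200 -> 192.0.2.61:69
"""

LINE_RE = re.compile(
    r"^\S+ (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

SHELL_PORT = 4444  # TCP port the post says the spawned shell listens on
TFTP_PORT = 69     # standard TFTP port (UDP), used to fetch the worm body


def analyze(log_text):
    """Correlate time-ordered firewall lines.

    Returns (infections, blocked):
      infections: (victim, source) pairs where an allowed connection to
                  victim:4444 was followed by allowed TFTP victim -> source.
      blocked:    (source, target) pairs where a 4444/tcp attempt was denied.
    """
    shell_seen, infections, blocked = set(), set(), set()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # ignore lines that are not in the assumed format
        src, dst, dport = m["src"], m["dst"], int(m["dport"])
        if m["proto"] == "TCP" and dport == SHELL_PORT:
            if m["action"] == "ALLOW":
                shell_seen.add((dst, src))   # (victim, source)
            else:
                blocked.add((src, dst))
        elif m["proto"] == "UDP" and dport == TFTP_PORT and m["action"] == "ALLOW":
            if (src, dst) in shell_seen:     # victim pulling from its source
                infections.add((src, dst))
    return sorted(infections), sorted(blocked)


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A TFTP transfer on its own is not flagged; only the 4444/tcp connection followed by the reverse TFTP request marks a host as probably infected.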
To: Nettie; GigaDittos
Actually, ya know, it's us doing it.... ;-)

you TOLD!!!

281 posted on 08/12/2003 3:22:31 PM PDT by null and void (Shame on you, you snitch!)
[ Post Reply | Private Reply | To 259 | View Replies]

To: rdb3
(sarcasm) I have only three letters for your post: S. C. O.
282 posted on 08/12/2003 3:30:33 PM PDT by Paul C. Jesup
[ Post Reply | Private Reply | To 22 | View Replies]

To: Paul C. Jesup
(sarcasm) I have only three letters for your post: S. C. O.

Let me up it to three words: No mo' S.C.O.!

283 posted on 08/12/2003 4:00:52 PM PDT by rdb3 (I'm not a complete idiot. Several parts are missing.)
[ Post Reply | Private Reply | To 282 | View Replies]

To: rdb3
I'm getting hammered here at home. Norton Firewall is all up in my grill. I guess it has gotten in the modem pool at school.
284 posted on 08/12/2003 4:22:05 PM PDT by AppyPappy (If You're Not A Part Of The Solution, There's Good Money To Be Made In Prolonging The Problem.)
[ Post Reply | Private Reply | To 283 | View Replies]

To: AppyPappy
Well yesterday in just 4 hours I had 103 hits on my firewall, and I'm on a dial-up.
285 posted on 08/12/2003 4:40:41 PM PDT by amigatec (There are no significant bugs in our software... Maybe you're not using it properly.- Bill Gates)
[ Post Reply | Private Reply | To 284 | View Replies]

To: amigatec
I finally restricted the IP addresses in the modem pool.
286 posted on 08/12/2003 4:47:07 PM PDT by AppyPappy (If You're Not A Part Of The Solution, There's Good Money To Be Made In Prolonging The Problem.)
[ Post Reply | Private Reply | To 285 | View Replies]

To: rdb3
(sarcasm) I have only three letters for your post: S. C. O.

Let me up it to three words: No mo' S.C.O.!

Here is my three word reply back to you; Linux, lawsuit city.

287 posted on 08/12/2003 5:41:57 PM PDT by Paul C. Jesup
[ Post Reply | Private Reply | To 283 | View Replies]

To: ASA Vet
Dang! All I got is my dual Intel 4004s. Should I upgrade to an Athlon XP?
288 posted on 08/12/2003 6:05:05 PM PDT by markfiveFF
[ Post Reply | Private Reply | To 160 | View Replies]

To: Paul C. Jesup
Here is my three word reply back to you; Linux, lawsuit city.

And, for brevity, here's my 3-in-1 word back atcha: fuhgedaboudit.

289 posted on 08/12/2003 6:12:13 PM PDT by rdb3 (I'm not a complete idiot. Several parts are missing.)
[ Post Reply | Private Reply | To 287 | View Replies]

To: Mjaye
correspond with bosses from home and would NOT want them to receive weird mail allegedly from me. So far, none of these returned items were to anyone I ever heard of.

It could be spammers, or folk looking for vulnerable systems. The fact that your system sent out stuff tells me your system is vulnerable as food for the worm.

One, do you use Outlook for your e-mail? My guess is yes. It would be nice if you figured out how the hackers told your system to spam. But they could be amateurs or heavy hitters.

Noticing the problem is the first step. Someone here knows more than I (actually, several someones).

For freedom!
290 posted on 08/12/2003 6:13:48 PM PDT by markfiveFF
[ Post Reply | Private Reply | To 179 | View Replies]

To: MrsEmmaPeel
There are real-world reasons that people don't apply Windows updates. One, there can be a lot of updates. Two, in a small office, expertise may be lacking. Three, and most important, updating Windows can and often does break existing applications. So, sensible admins test before updating, and only install 'critical' updates anyway.

I'm not an admin, but I hang with them. Linux/Unix/FreeBSD are good for servers; Macs are good for graphics/art/3D/game design, and Windows is good for desktops, many applications, and full employment for admins. These are my and admins' observations.

Windows makes a decent db server in SQL 7/2000/2003, but for a web server, the way to go is FreeBSD/Apache. It all depends on what you are using the machine for.
291 posted on 08/12/2003 6:25:18 PM PDT by markfiveFF
[ Post Reply | Private Reply | To 191 | View Replies]

To: rdb3
(sarcasm) Sorry, I don't speak geek.
292 posted on 08/12/2003 7:38:30 PM PDT by Paul C. Jesup
[ Post Reply | Private Reply | To 289 | View Replies]

To: STFrancis
Thank you!
293 posted on 08/12/2003 7:59:01 PM PDT by avenir
[ Post Reply | Private Reply | To 167 | View Replies]

To: Knitebane
Cute language, but naive... I have seen many average-skilled computer consultants trained in simple yet effective hacks into OpenBSD and a "Trusted" Solaris box.

294 posted on 08/12/2003 8:50:08 PM PDT by Ted
[ Post Reply | Private Reply | To 245 | View Replies]

To: Ted
I have seen many average-skilled computer consultants trained in simple yet effective hacks into OpenBSD and a "Trusted" Solaris box.

The fact that you added the quotes around Trusted in Trusted Solaris quickly exposes your ignorance.

Please present your evidence of OpenBSD or Trusted Solaris being cracked or retract your claim.

295 posted on 08/12/2003 10:07:19 PM PDT by Knitebane
[ Post Reply | Private Reply | To 294 | View Replies]

To: no one in particular
How to install Windows XP in 5 hours or less

http://diveintomark.org/archives/2003/08/04/xp
296 posted on 08/12/2003 10:30:21 PM PDT by null and void
[ Post Reply | Private Reply | To 295 | View Replies]

To: Daus
Indeed. This has got to be the widest-spreading computer virus/worm EVER.
297 posted on 08/13/2003 12:02:31 AM PDT by rwfromkansas (http://www.collegemedianews.com *some interesting radio news reports here; check it out*)
[ Post Reply | Private Reply | To 87 | View Replies]

To: rwfromkansas
Indeed. This has got to be the widest-spreading computer virus/worm EVER.

Actually, not even close... Nimda was much worse....
298 posted on 08/13/2003 6:59:19 AM PDT by STFrancis
[ Post Reply | Private Reply | To 297 | View Replies]

To: gcraig
This is posted from Windows XP Professional -- no worries here either.
299 posted on 08/13/2003 7:03:15 AM PDT by FourPeas
[ Post Reply | Private Reply | To 92 | View Replies]

To: Knitebane
The quotes were an attempt at humor which went over your head I suppose.

Look at Bugtraq for starters, or do a Google on OpenBSD exploits or Trusted Solaris exploits...

Bugtraq
http://msgs.securepoint.com/cgi-bin/get/bugtraq0105/92.html

OpenBSD
http://www.insecure.org/sploits/OpenBSD.lprm.overflow.html

Trusted Solaris - from Sun's own website!
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/199

Just because an OS provides tools does not mean the person who's using it knows how to keep it safe.

I can't believe I even wasted my time explaining basic security truths to you, as you obviously are in denial. I'm done posting replies to you on this. Good bye.

300 posted on 08/13/2003 10:03:59 AM PDT by Ted
[ Post Reply | Private Reply | To 295 | View Replies]

