New Virus hitting hard and furious!!!
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html ^
| 08/11/03
| self
Posted on 08/11/2003 2:33:46 PM PDT by STFrancis
All,
Here's a scoop to Freepers which is just now hitting us security pros.
There is a first vulnerability that uses the MS bug that MS addressed with MS03-026 two weeks ago.
It is calling itself MSBLAST.exe and is spreading in the wild unbelievably fast. http://isc.sans.org/diary.html?date=2003-08-11
A first advisory from McAfee has just been published: http://us.mcafee.com/virusInfo/defa...&virus_k=100547
Once it finds a vulnerable system, it will spawn a shell on port 4444 and use it to download the actual worm via tftp. The exploit itself is very close to 'dcom.c' and so far appears to use the "universal Win2k" offset only.
In other words we need to make sure port 4444 is blocked inbound AND outbound.
Of course this is in addition to the MS03-026 patch being installed, which Microsoft released two weeks ago (more info regarding the patch here: http://www.microsoft.com/technet/tr...n/MS03-026.asp).
Another advisory was JUST posted by Symantec: http://www.symantec.com/avcenter/ve...aster.worm.html
Just thought everyone ought to know.
Thanks...
TOPICS: Breaking News; News/Current Events; Technical
KEYWORDS: blaster; computer; firewall; internet; macuserlist; microsoft; msblast; techindex; virus; vulnerability; worm
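The sequence the post describes (a connection to a shell on port 4444, then a tftp download by the same machine) can be searched for in flow logs. This is an added example, not part of the original thread; the log format, addresses and function name are constructed assumptions, and the log is assumed to record connections that were allowed through.

```python
import re
from datetime import datetime, timedelta

# Constructed flow-log lines (not from the thread); the format is an assumption.
SAMPLE_LOG = """\
2003-08-12T16:22:05 TCP 192.0.2.77:1310 -> 10.0.0.23:4444
2003-08-12T16:22:07 UDP 10.0.0.23:1045 -> 192.0.2.77:69
2003-08-12T16:30:00 UDP 10.0.0.40:1051 -> 10.0.0.5:69
2003-08-12T16:41:10 TCP 198.51.100.9:2201 -> 10.0.0.31:4444
2003-08-12T16:59:00 UDP 10.0.0.31:1060 -> 198.51.100.9:69
"""

LINE = re.compile(r"(\S+) (TCP|UDP) ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")
SHELL_PORT, TFTP_PORT = 4444, 69  # ports named in the post (tftp is UDP 69)

def parse(log):
    """Yield (time, proto, src_ip, dst_ip, dst_port) for each well-formed line."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:  # lines that do not fit the assumed format are skipped
            ts, proto, src, _sport, dst, dport = m.groups()
            yield datetime.fromisoformat(ts), proto, src, dst, int(dport)

def find_infection_sequences(log, window=timedelta(seconds=60)):
    """Return (victim, tftp_server, shell_time) for every host that accepted a
    TCP/4444 connection and then started a tftp transfer within `window`."""
    last_shell = {}  # victim IP -> time of most recent inbound TCP/4444
    hits = []
    for ts, proto, src, dst, dport in sorted(parse(log)):
        if proto == "TCP" and dport == SHELL_PORT:
            last_shell[dst] = ts
        elif proto == "UDP" and dport == TFTP_PORT and src in last_shell:
            if ts - last_shell[src] <= window:
                hits.append((src, dst, last_shell[src]))
            del last_shell[src]  # at most one alert per shell connection
    return hits

if __name__ == "__main__":
    for victim, server, when in find_infection_sequences(SAMPLE_LOG):
        print(f"{victim}: shell on 4444 at {when}, then tftp to {server}")
```

A tftp transfer with no preceding 4444 connection, or one that starts long after it, is not reported, which keeps ordinary tftp use out of the results.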
To: Nettie; GigaDittos
Actually, ya know, it's us doing it.... ;-)
you TOLD!!!
281 posted on 08/12/2003 3:22:31 PM PDT by null and void (Shame on you, you snitch!)
To: rdb3
(sarcasm) I have only three letters for your post: S. C. O.
To: Paul C. Jesup
(sarcasm) I have only three letters for your post: S. C. O.
Let me up it to three words: No mo' S.C.O.!
283 posted on 08/12/2003 4:00:52 PM PDT by rdb3 (I'm not a complete idiot. Several parts are missing.)
To: rdb3
I'm getting hammered here at home. Norton Firewall is all up in my grill. I guess it has gotten in the modem pool at school.
284 posted on 08/12/2003 4:22:05 PM PDT by AppyPappy (If You're Not A Part Of The Solution, There's Good Money To Be Made In Prolonging The Problem.)
To: AppyPappy
Well yesterday in just 4 hours I had 103 hits on my firewall, and I'm on a dial-up.
285 posted on 08/12/2003 4:40:41 PM PDT by amigatec (There are no significant bugs in our software... Maybe you're not using it properly.- Bill Gates)
To: amigatec
I finally restricted the IP addresses in the modem pool.
286 posted on 08/12/2003 4:47:07 PM PDT by AppyPappy (If You're Not A Part Of The Solution, There's Good Money To Be Made In Prolonging The Problem.)
To: rdb3
(sarcasm) I have only three letters for your post: S. C. O.
Let me up it to three words: No mo' S.C.O.!
Here is my three word reply back to you; Linux, lawsuit city.
To: ASA Vet
Dang! All I got is my dual Intel 4004s. Should I upgrade to an Athlon XP?
To: Paul C. Jesup
Here is my three word reply back to you; Linux, lawsuit city.
And, for brevity, here's my 3-in-1 word back atcha: fuhgedaboudit.
289 posted on 08/12/2003 6:12:13 PM PDT by rdb3 (I'm not a complete idiot. Several parts are missing.)
To: Mjaye
correspond with bosses from home and would NOT want them to receive weird mail allegedly from me. So far, none of these returned items were to anyone I ever heard of.
It could be spammers, or folk looking for vulnerable systems. The fact that your system sent out stuff tells me your system is vulnerable as food for the worm.
One, do you use Outlook for your e-mail? My guess is yes. It would be nice if you figured out how the hackers told your system to spam. But they could be amateurs or heavy hitters.
Noticing the problem is the first step. Someone here knows more than I (actually, several someones).
For freedom!
To: MrsEmmaPeel
There are real-world reasons that people don't apply Windows updates. One, there can be a lot of updates. Two, in a small office, expertise may be lacking. Three, and most important, updating Windows can and often does break existing applications. So, sensible admins test before updating, and only install 'critical' updates anyway.
I'm not an admin, but I hang with them. Linux/Unix/FreeBSD are good for servers; Macs are good for graphics/art/3D/game design, and Windows is good for desktops, many applications, and full employment for admins. This is my and admins' observations.
Windows makes a decent db server in SQL 7/2000/2003, but web server, the way to go is FreeBSD/Apache. It all depends on what you are using the machine for.
To: rdb3
(sarcasm) Sorry, I don't speak geek.
To: STFrancis
Thank you!
293 posted on 08/12/2003 7:59:01 PM PDT by avenir
To: Knitebane
Cute language, but naive... I have seen many average-skilled computer consultants trained in simple yet effective hacks into OpenBSD and a "Trusted" Solaris box.
294 posted on 08/12/2003 8:50:08 PM PDT by Ted
To: Ted
I have seen many average-skilled computer consultants trained in simple yet effective hacks into OpenBSD and a "Trusted" Solaris box.
The fact that you added the quotes around Trusted in Trusted Solaris quickly exposes your ignorance.
Please present your evidence of OpenBSD or Trusted Solaris being cracked or retract your claim.
To: no one in particular
To: Daus
Indeed. This has got to be the widest-spreading computer virus/worm EVER.
297 posted on 08/13/2003 12:02:31 AM PDT by rwfromkansas (http://www.collegemedianews.com *some interesting radio news reports here; check it out*)
To: rwfromkansas
Indeed. This has got to be the widest-spreading computer virus/worm EVER.
Actually, not even close... Nimda was much worse....
To: gcraig
This is posted from Windows XP Professional -- no worries here either.
To: Knitebane
300 posted on 08/13/2003 10:03:59 AM PDT by Ted