
08-13-2003, 07:01 AM
Prince of Pervs
Join Date: Jun 2002
Location: England
Posts: 2,612
W32.Blaster.Worm
You might have read about it, but this is a pretty sneaky virus since it doesn't need you to do anything other than be connected to the internet to infect you and other computers. Here's the info on it..... (fix and remove tools available from Microsoft and Symantec or me)
Based on the number of submissions received from customers and based on information from the Symantec's DeepSight Threat Management System, Symantec Security Response has upgraded this threat to a Category 4 from a Category 3 threat.
W32.Blaster.Worm is a worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. This worm attempts to download the msblast.exe file to the %WinDir%\system32 directory and execute it.
Block access to TCP port 4444 at the firewall level, and then block the following ports, if they do not use the applications listed:
TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"
The worm also attempts to perform a Denial of Service (DoS) on Windows Update. This is an attempt to prevent you from applying a patch on your computer against the DCOM RPC vulnerability.
Click here for more information on the vulnerability that this worm exploits, and to find out which Symantec products can help mitigate risks from this vulnerability.
NOTE: This threat will be detected by virus definitions having:
Defs Version: 50811s
Sequence Number: 24254
Extended Version: 8/11/2003, rev. 19
Symantec Security Response has developed a removal tool to clean infections of W32.Blaster.Worm.
Anyone that uses a decent firewall system should be safe enough. This virus attacks systems running Windows 2000 and Windows XP; it can infect NT 4 and Windows 2003 systems too.
If you don't want to search through the MS and Symantec websites for the fix and removal tools, I've downloaded them; they'll be on my web site for a couple of days.
http://www.fluffyknight.co.uk/fix.zip
__________________
FussyPucker
There are only 10 types of people in the world: Those who understand binary, and those who don't...
Sarcasm: It's not big and it's not clever...........but it's funny as fuck!
The Special One!

08-13-2003, 07:46 AM
♦*♥Moderatrix♥*♦
Join Date: Nov 2001
Location: on top of it all
Posts: 50,568
*smooches* TY sweetie. I patched mine at a friend's suggestion yesterday. I know lots of work systems that were inundated by this slippery sucker.

08-13-2003, 07:57 AM
Bastard of Member
Join Date: Jun 2002
Location: Illinois
Posts: 6,029
I have gotten it at home twice. Fixed it then got it when applying the patch. Thank god it doesn't hurt anything but damn it is annoying.
__________________
Love...the slowest form of suicide.

08-13-2003, 08:12 AM
Learning to talk sexy
Join Date: Nov 2002
Posts: 3,264
thanks FP!!!! 

08-13-2003, 09:13 AM
I make sexytime with you
Join Date: Oct 2001
Location: Australia
Posts: 1,616
Just a couple of points:
While the worm itself only exploits the DCOM RPC hole over TCP port 135, the hole can also be exploited over TCP ports 139 and 445. Block those too.
This worm is really quite stupid in a number of respects, and yet the impact it has had is enormous. An expertly written worm exploiting this flaw would be nothing short of disastrous.
__________________
I want to know everything
I want to be everywhere
I want to fuck everyone in the world
I want to do something that matters
|
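An added example, not part of any post above and not Symantec's or Microsoft's tooling: one way to check a firewall log against the ports named in this thread (TCP 4444, TCP 135 and UDP 69 from the quoted advisory, TCP 139 and 445 from the reply), and to spot a source sweeping TCP 135 across many hosts. The log format, addresses and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Ports named in the thread: 4444/tcp, 135/tcp and 69/udp from the quoted
# advisory, 139/tcp and 445/tcp from the follow-up reply.
WATCHED = {("TCP", 4444), ("TCP", 135), ("UDP", 69), ("TCP", 139), ("TCP", 445)}

# Assumed log format (constructed for this example, not a real product's):
# <timestamp> <ALLOW|DENY> <TCP|UDP> <src_ip>:<sport> -> <dst_ip>:<dport>
LINE = re.compile(r"^(\S+) (ALLOW|DENY) (TCP|UDP) ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")

def audit(lines, scan_threshold=3):
    """Return (permitted, scanners).
    permitted: {dst_ip: sorted [(proto, port), ...]} for watched-port traffic
               the firewall let through, i.e. rules that still need tightening.
    scanners:  sorted source IPs that tried TCP 135 on at least
               scan_threshold distinct destinations (allowed or denied).
    """
    permitted = defaultdict(set)
    rpc_targets = defaultdict(set)
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip malformed or unrelated lines
        _, action, proto, src, _, dst, dport = m.groups()
        key = (proto, int(dport))
        if key not in WATCHED:
            continue
        if action == "ALLOW":
            permitted[dst].add(key)
        if key == ("TCP", 135):
            rpc_targets[src].add(dst)
    scanners = sorted(s for s, d in rpc_targets.items() if len(d) >= scan_threshold)
    return {h: sorted(p) for h, p in permitted.items()}, scanners

# Constructed sample lines using documentation-range addresses.
SAMPLE_LOG = """\
2003-08-13T07:01:12 DENY TCP 203.0.113.7:1042 -> 192.0.2.10:135
2003-08-13T07:01:12 DENY TCP 203.0.113.7:1043 -> 192.0.2.11:135
2003-08-13T07:01:13 ALLOW TCP 203.0.113.7:1044 -> 192.0.2.12:135
2003-08-13T07:01:15 ALLOW TCP 203.0.113.7:1050 -> 192.0.2.12:4444
2003-08-13T07:01:16 ALLOW UDP 192.0.2.12:1031 -> 203.0.113.7:69
2003-08-13T07:02:00 ALLOW TCP 198.51.100.4:2200 -> 192.0.2.10:80
2003-08-13T07:02:05 DENY TCP 198.51.100.9:3100 -> 192.0.2.10:445
""".splitlines()

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

Any host that shows up in the first result still has one of the listed ports open through the firewall; a source in the second result is probing TCP 135 across several machines.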

08-13-2003, 09:38 AM
Prince of Pervs
Join Date: Jun 2002
Location: England
Posts: 2,612
The only thing the virus does effectively is spread itself around. That's really the idea of it, just to highlight a flaw in Microsoft operating systems; it was never meant to be destructive, just an annoyance.
An anti-virus company called F-Secure wanted to test how quickly this thing can spread. They set up an unprotected PC and in just over 5 minutes it had been infected.........they left it running and later that day it was only taking 27 seconds to get the virus !!!
It was just a flick in the balls to Microsoft in order to get them to better check their software.

08-13-2003, 01:36 PM
<----Snappin' Pussy
Join Date: Apr 2001
Location: Queensland, Australia
Posts: 106,936
Couldn't they just get a written petition...fuckin' worms....i'll give the bastards worms!!!
These ppl that make these things piss me off BIG TIME!!
__________________
Smile, it's the second best thing you can do with your mouth.
*~Sharni~*
If you go hunting tigers....be prepared when ya catch one!

08-13-2003, 01:42 PM
Now Seating
Join Date: Jun 2003
Location: USA
Posts: 531
I got it last night while I was in the chat, had to leave in the middle of a great show. XD
My virus scan seems to have crapped out on me so I just ran my comp in safe mode and did a system restore for a day before it happened, thank god I make checkpoints every 24 hours, I'm compulsive like that. ^.^
__________________
-Oz

08-13-2003, 01:44 PM
Now Seating
Join Date: Jun 2003
Location: USA
Posts: 531
oh yea, and for anyone who doesn't know (dunno if it was posted in posts before mine cause I didn't read'em all) what the virus does, it opens this annoying lil box that says "blah blah blah your computer has been forced a shutdown authorized by blah blah" then it gives you a 1 minute countdown timer until it dicks you. At least the person who made it gave you time to save what you're doing =) *tips his hat to the maker*

08-13-2003, 01:56 PM
Prince of Pervs
Join Date: Jun 2002
Location: England
Posts: 2,612
LOL, actually ozling, if you open a DOS window and type "shutdown -a" (errrr, without the "s of course) then it aborts the shutdown that the virus starts. It may be "shutdown /L /A" on some Windows versions, I can't remember for the mo, but I think XP Pro or maybe Win 2000 needs you to specify L - the local machine, then A - abort.

08-13-2003, 02:01 PM
Now Seating
Join Date: Jun 2003
Location: USA
Posts: 531
will keep that in mind next time lil annoying bastard decides to show 'imself

08-13-2003, 02:17 PM
Prince of Pervs
Join Date: Jun 2002
Location: England
Posts: 2,612
Well hopefully once you've installed the Microsoft hotfix it should never appear again!

08-13-2003, 11:43 PM
I make sexytime with you
Join Date: Oct 2001
Location: Australia
Posts: 1,616
Quote:
Originally posted by FussyPucker
It was just a flick in the balls to Microsoft in order to get them to better check their software.

If it was then it was misguided. Microsoft patched this hole about a month ago. I'm no Microserf myself, but credit where it's due.

08-14-2003, 03:38 AM
Prince of Pervs
Join Date: Jun 2002
Location: England
Posts: 2,612
I found it funny that the virus contained but never displayed this bit of text..
"I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ? Stop making money and fix your software!!"
The patch for this problem was released July 16th by Microsoft and since then 4 updates have been made to it. The reason I said it was a flick in the balls to MS is that despite having patched the problem the whole issue of security and bugs in MS software has been thrown into the news AGAIN by this virus. The main problem is really with the release of information on security patches; your average home user is unlikely to ever know about them until it's too late. There are two options to this:-
1. Software companies (not just MS) need to do more work on testing software prior to release... you have to remember that it's impossible to track down every possible bug.
2. When there is such a critical security flaw discovered people need to be made aware of them so that protection can be in place before a hacker/virus writer can exploit them.
I doubt either will ever happen really since it is impossible in such complex software to track and fix every problem..... and of course it's usually the hackers/virus writers that find these flaws first.
oh well it keeps life interesting 
by the way this virus now has two variants
W32.Blaster.B.Worm
W32.Blaster.C.Worm
Now that's just silly !

08-14-2003, 06:51 AM
Bastard of Member
Join Date: Jun 2002
Location: Illinois
Posts: 6,029
Skip's wife spent about 10 minutes berating him on the post it note written on July 21st reminding him to get the patch....I told her I ignored those damn things...
All times are GMT -5.