New Virus hitting hard and furious!!!

http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html ^ | 08/11/03 | self

[STFrancis]

All,

Here a scoop to Freepers which is just now hitting us security pro's.

There is a first vulnerability that uses the MS Bug that MS addressed with MS 03-026 two weeks ago.

It is calling itself MSBLAST.exe and is spreading in the wild unbelievably fast. http://isc.sans.org/diary.html?date=2003-08-11

A first advisory from McAffee has just been published: http://us.mcafee.com/virusInfo/defa...&virus_k=100547 Once it finds a vulnerable system, it will spawn a shell on port 4444 and use it to download the actual worm via tftp. The exploit itself is very close to 'dcom.c' and so far appears to use the "universal Win2k" offset only.

In other words we need to make sure port 4444 is blocked inbound AND outbound.

Of course this is in addition to the MS03-026 patch being installed which Microsoft released two weeks ago (more info regarding the patch here: http://www.microsoft.com/technet/tr...n/MS03-026.asp.

Another advisory was JUST posted by Symantec: http://www.symantec.com/avcenter/ve...aster.worm.html

Just thought everyone ought to know.

Thanks...

[null and void]

"The flaw, discovered by an anonymous Canadian security researcher who uses the nickname "Null,"

Not me, BTW...

[lonevoice]

bookmark

[MrsEmmaPeel]

I keep all of my systems patched up.

There was a hole in Mac OS X for a year - patches had no affect -- that was the point I was trying to make. Apple adopts UNIX then ignores security issues that come with UNIX. Apple will regularly say: "We're not affected" when in fact they are. THAT is a big problem- one of attitude. There is a myth that Apples are invulnerable. How can that be, when UNIX is not? I've had personal experience with this. Apple may make good computers, but they just don't know UNIX.

[antivenom]

Well IF you didn't do a RUN -> Regedit...and do a Find on HKEY_LOCAL_MACHINE for Msblast.exe you are still a carrier...

[I_love_weather]

Hello

Could someone reply in here...I need some help

I read in the paper that Microsoft has a PATCH for this new virus.

I went to the web-site that it had listed...but I do not see thePATCH on there.

Could someone direct link me to where this patch is located and tell me what it says...in other words what I am looking for on that web page?

THanks ahead of time...

Please reply on this thread....not in private email or private message.

Thanks Ahead Of Time

Appreciate It....

[dansangel]

.45MAN's company hit in Atlanta. All of the computers at his company are infected. This is a very malicious code.

[rdb3]

Check your registry to for msblast as well (do a regedit). I found this on my wife's laptop last night. The "help" desk at her job is inept, to say the least.

[SengirV]

OK, if you do not have a real mouse, then CTRL-click on the image. I have always used thrid party mice, I can't stand the Apple supplied mouse. Having a laptop, kinda forces me to get a third party mouse, before anyone clones start mouthing off.

[Howlin]

Do you happen to know what kind of virus software Compaq runs on their newest laptops? My niece has this virus and can't find her virus program.....duh.

[cashion]

Needless to say, the "mainstream" news media has been universally reporting that the exploit affects "essentially all versions of Windows."

Aren't something like 30% of PC owners still running Win98? This sort of piss-poor journalism can cause these people a lot of grief as they run around looking for patches to their systems that are not needed and, indeed, do not exist.

IIRC, this exploit affects all versions of Windows dating back to Win95, except for Windows Millenium. I think they got it right this time, unless I'm thinking of one of the other dozens of remote exploits for Microsoft OSes.

[Hoboken]

If you follow the steps in post #17 you'll be fine.

[Born Conservative]

bump for home

[AxelPaulsenJr]

What is services.msc? And where do I find it on my computer?

Thanks, Axel

[rdb3]

Do you happen to know what kind of virus software Compaq runs on their newest laptops?

I have no idea, but I'm willing to bet it's McAfee.

[bellas_sister]

I think I have it too ...

I have never had any thing before....

How do I rid my computer of this...

It has been automatically shutting off by its self all day yeaterday and through the nite...

Called Dell no help there...


HELP!!! what do I do?

[eyespysomething]

It hit the school I work at too. It is nasty. We got the initial version of this at home when it was just a trojan and not a virus. I downloaded the patch and fix and everything was ok. Now someone mutated it and eek what a mess. I work at the help desk in our IT dept and we told everyone to update their Windows OS 2 weeks ago. The ones who did are fine, the ones who I guess thought we were not serious, well they are now waiting in line for the guys to go around and fix their machine.

I am a little ticked that our tech guys, especially our network guy, didn't catch this before it happened.

I just can't believe the speed at which this spread.

[Tuscaloosa Goldfinch]

I went to Microsoft to download the patch, but apparently I don't need it?? because I'm running Windows ME. At least there's SOMETHING good about Windows ME. Both my children are running XP in their computers, and both got the virus.

[Born Conservative]

Here is a good description of services.msc: http://www.theeldergeek.com/services_guide.htm

[=Intervention=]

While not descending the depths of schaenfraud, let me say that I'm in the same boat. Yet another windows virus? I have a mac. No probs!

[=Intervention=]

Of course Apple doesn't know UNIX -- they just make an OS that uses it...hmm. Your hyperbole and bias is showing.