New Virus hitting hard and furious!!!

http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html ^ | 08/11/03 | self

[STFrancis]

All,

Here a scoop to Freepers which is just now hitting us security pro's.

There is a first vulnerability that uses the MS Bug that MS addressed with MS 03-026 two weeks ago.

It is calling itself MSBLAST.exe and is spreading in the wild unbelievably fast. http://isc.sans.org/diary.html?date=2003-08-11

A first advisory from McAffee has just been published: http://us.mcafee.com/virusInfo/defa...&virus_k=100547 Once it finds a vulnerable system, it will spawn a shell on port 4444 and use it to download the actual worm via tftp. The exploit itself is very close to 'dcom.c' and so far appears to use the "universal Win2k" offset only.

In other words we need to make sure port 4444 is blocked inbound AND outbound.

Of course this is in addition to the MS03-026 patch being installed which Microsoft released two weeks ago (more info regarding the patch here: http://www.microsoft.com/technet/tr...n/MS03-026.asp.

Another advisory was JUST posted by Symantec: http://www.symantec.com/avcenter/ve...aster.worm.html

Just thought everyone ought to know.

Thanks...

[MrsEmmaPeel]

Ok, what is a specific example of this?

We've been down this road before. Read my past postings to you on these same questions. Read the CERT Advisory. Read Apple's bug list. Apple doesn't know UNIX.

[Salo]

More than that - I got a g4 along with my windows/linux/netware/bsd boxes. Great machine. I also have a pix firewall and keep every port blocked I don't need. If you have and unpatched system and those ports open, you deserve this virus.

[ThinkDifferent]

We've been down this road before.

Yes, we have, and you were equally evasive then.

Read the CERT Advisory. Read Apple's bug list. Apple doesn't know UNIX.

Surely with such a mountain of evidence you could provide a single URL.

[MrsEmmaPeel]

CERT = www.cert.org SEARCH on "MAC OS X"
I'm sorry you didn't know that. Everyone who has anything to do with security should be getting the CERT Security digest.

APPLE = www.apple.com APPLE has their own security mailing list. You may want to subscribe to this as well.

[HairOfTheDog]

OH MY GOD!!!!!!! Another virus!!!! What do I do?!?!?!?!? Oh wait, I have a Mac. Nevermind.

Yeah - as long as you are obscure, no one will bother you so don't worry.

[AngryAmerican]

Just to give an idea of how these viruses cost businesses money.

Here at our 800 bed hospital. This virus started today on a single PC, probably thru an email attachment. This PC in turn, via the RPC vulnerability, infected Windows Servers running the Patient Clinical Information System. This resulted in the Clinical system being down for several hours. I wish the author of the virus was here waiting for a lab result to identify a deadly illness.

Q:Why weren't the Windows Servers properly patched?
A: Because the software vendor has only tested the code on an earlier Service Pack version and will not support servers with the patch!

[SengirV]

Did you know that there were vulnerabilities in Mac OS X where by someone could actually get root access to you system?

Yeah, provided you could get your hands on the actual machine in question. ANY security expert would tell you that if you allow an unauthorized person to have physical access to your machine, you are by definition nonsecure.

[PoisedWoman]

The Microsoft flaw affects Windows technology used to share data files across computer networks.

Does this mean it woon't spread to those of us who do not work on networks? Also, I only surf on AOL...will I be safe? Hope so, because any virus sends me and my puter down to the local whiz at $65/hour....totally incapable of doing anything technical myself. I have Norton. Will Norton get it before it gets me?

I was infected by BadTrans awhile back....before I got Norton. Nasty! It came in a private email from a freeper's private email to my aol address, come to think of it

[MrsEmmaPeel]

ANY security expert would tell you that if you allow an unauthorized person to have physical access to your machine, you are by definition nonsecure.

No it was to do with an outsider getting a shell command on your system and running your computer as root. WAKE UP! Mac OS X has UNIX underneath!

[ThinkDifferent]

Ok, so you have no interest in supporting your assertions. Fine with me.

[Woahhs]

My Powerbook got a virus, but I ate some chicken soup and it got all better.

Norton Chicken Noodle Rules!

[RadioAstronomer]

THANKS! Just updated and tested my system!

[Doohickey]

Very helpful. Penis.

[kitkat]

Ahem...now that I have a mob of Mackers assembled here, could one of you answer a question for a neophyte?

I can post pix with no problem if I get one off of, say, FR by opening the pic on a new window and copying and pasting the URL. Works just fine.

But, how do I save the URL when I want to store pictures on my OSX?

[Woahhs]

Very helpful. Penis.

As opposed to a arrogant penis?

[Salo]

Emma, is this what you are talking about? Vulnerability Note VU#147587

[jocon307]

Bump, so I can find this thread tommorrow when my computer guy comes to work

[Woahhs]

Copy and paste it on the notes section of the comments box in the Get Info/General Information pulldown menu

[Knitebane]

Does this mean it woon't spread to those of us who do not work on networks?

The Internet is a network. The biggest network.

If your Windows computer is connected in such a way that you can access other computers via TCP/IP, you are at risk from this worm.

LAN, modem, DSL, and cable are all affected.