Free Republic

Microsoft warns of fake security alertBy Mike Tarsala, CBS.MarketWatch.comLast Update: 6:50 PM ET Aug. 15, 2003SAN FRANCISCO (CBS.MW) -- Microsoft warned late Friday that a fake security alert contains malicious code that can attack PCs.The bogus instructions purport to tell the software maker's customers how best to handle the dreaded Blaster computer worm that hit this week The fake Microsoft e-mail, first spotted early Friday, looks "very official," said Sean Sundwall, Microsoft spokesman. The fake e-mail includes instructions to check Microsoft's (MSFT: news, chart, profile) security Web site for a software patch and updates. It also suggests steps that home...

The Blaster worm, which continues to create chaos by crashing numerous vulnerable Windows machines across the Net, has changed the rules on malicious code attacks. Unlike Slammer or Nimda, home users have borne the brunt of the attack - although businesses of all sizes have also suffered. Blaster shatters the partially reassuring notion that email-borne nasties are the most significant threat for Harry Homeowner. Now updating patches and using perimeter security, always good ideas, have become prerequisites for Windows users. With the appearance of new variants of Blaster already appearing on the Net, its worth reviewing the nature of Blaster,...

As part of its effort to stop the progress of the MSBlast worm, Microsoft is killing off the Windows Update address that the self-propagating program was set to attack. Because the worm is programmed to attack only that address and not the site that it redirects to, the software giant has decided to eliminate the Windowsupdate.com address. The move is one of a series of efforts that Microsoft has undertaken to try to thwart an attack on its servers that was expected to be launched by infected computers starting Friday. "One strategy for cushioning the blow was to extinguish...

<p>Computer systems at Edwards Air Force Base, Calif., were shut down this week as a result of the "Blaster" computer worm.</p> <p>The desert base is home to the Air Force Flight Test Center, which conducts work on the B-2 and B-1B bombers, the airborne laser, the Global Hawk unmanned aerial vehicle, the new F-22 Raptor jet fighter, the Joint Strike Fighter and other high-tech weapons.</p>

The internet's domain name system root servers have been pounded with up to 50% more domain lookups than usual this week, and VeriSign Inc, the company that manages some of the servers, thinks the Blaster worm is to blame. VeriSign said late yesterday that daily DNS queries on its infrastructure increased by 3.7 billion this week, roughly 33% more than usual. At 9am US Pacific time yesterday, the traffic was up 50% about normal levels, the company said. "A five percent deviation would be significant. It's usually very predictable," VeriSign's senior VP of security services Ben Golub said. "This...

SAN FRANCISCO (Reuters) - Computer network and security experts said on Thursday there was no evidence the power outage in the northeastern United States and Canada was related to the Blaster worm that began spreading on Monday. "I have no thought that (the outage) is Blaster related," said Alan Paller, research director at the SANS Institute in Bethesda, Maryland. "The Internet is built not to worry about that," he said. "If you blow up any big chunk, it is designed to work." "There is no information available at this time to indicate that the power outages in the Northeast...

A virus-like computer attack that began spreading across the Internet and crashing computer networks Monday is expected to infect hundreds of thousands of computers worldwide in coming days. By Saturday, it may reach a climax when it's programmed to direct all infected computers to attack a security-related Microsoft Web site, computer security experts said. The target Web site, www.windowsupdate.com, is used by millions of Microsoft users each week to automatically update computers with the latest anti-virus software and patches. It's unclear how much damage might be caused by the computer worm, already dubbed LoveSan, Blaster and MSBlaster. But security...

All, Here a scoop to Freepers which is just now hitting us security pro's. There is a first vulnerability that uses the MS Bug that MS addressed with MS 03-026 two weeks ago. It is calling itself MSBLAST.exe and is spreading in the wild unbelievably fast. http://isc.sans.org/diary.html?date=2003-08-11 A first advisory from McAffee has just been published: http://us.mcafee.com/virusInfo/defa...&virus_k=100547 Once it finds a vulnerable system, it will spawn a shell on port 4444 and use it to download the actual worm via tftp. The exploit itself is very close to 'dcom.c' and so far appears to use the "universal Win2k" offset only....

Sorry for the vanity, but my computer stopped working today. I would get an error message: "Generic host process for Win 32 services System Shutdown NT Authority / System" "Remote Procedure Call (RCP) service has terminated unexpectedly" Then it would do a 60-second countdown until it shut down the computer. It's a weird looking error message and the backwards countdown from 60 seconds until it shuts down the system seems very ominous (although I suppose it's better than an immediate crash). It did it once about a week ago, then today it would happen as soon as I'd reboot, so...