Clusterheadaches.com Message Board (http://www.clusterheadaches.com/cgi-bin/yabb/YaBB.cgi)
New Message Board Archives >> Jan-Mar 2004 >> Virus Alert for BlackICE and RealSecure users
(Message started by: Opus on Mar 20th, 2004, 10:18pm)

Title: Virus Alert for BlackICE and RealSecure users
Post by Opus on Mar 20th, 2004, 10:18pm
A quickly spreading Internet worm destroyed or damaged tens of thousands of personal computers worldwide Saturday morning by exploiting a security flaw in a firewall program designed to protect PCs from online threats, computer experts said.

The "Witty" worm writes random data onto the hard drives of computers equipped with the Black Ice and Real Secure Internet firewall products, causing the drives to fail and making it impossible to restart the PCs. Unlike many recent worms that arrive as e-mail attachments, it spreads automatically to vulnerable computers without any action on the part of the user.

At least 50,000 computers have been infected so far, according to Reston, Va.-based computer security firm iDefense and the Bethesda, Md.-based SANS Institute.

If you use these firewalls on Windows.
BlackICE™ Agent for Server 3.6 ebz, ecd, ece, ecf
BlackICE PC Protection 3.6 cbz, ccd, ccf
BlackICE Server Protection 3.6 cbz, ccd, ccf
RealSecure® Network 7.0, XPU 22.4 and 22.10
RealSecure Server Sensor 7.0 XPU 22.4 and 22.10
RealSecure Desktop 7.0 ebf, ebj, ebk, ebl
RealSecure Desktop 3.6 ebz, ecd, ece, ecf
RealSecure Guard 3.6 ebz, ecd, ece, ecf
RealSecure Sentry 3.6 ebz, ecd, ece, ecf

Power down, go to a safe computer and go HERE (http://xforce.iss.net/xforce/alerts/id/167)

Opus/Paul

Title: Re: Virus Alert for BlackICE and RealSecure users
Post by Kirk on Mar 21st, 2004, 5:49am
A firewall worm that makes your machine unbootable. The script kiddies are trying to get creative.

Be careful out there. We're pulling for ya.

BUMP

TTFN

Title: Re: Virus Alert for BlackICE and RealSecure users
Post by Opus on Mar 21st, 2004, 6:38pm
Kirk,
  It doesn't seem like script kiddie work, this thing changes the packet size that it sends out to fool virus defs, I almost wonder if it is a proof of concept that got away from someone, if it was put up on a virus board wouldn't the "insert witty comment" have been changed to one. Anyway scary stuff, think I'll go patch my kernel now.

Opus/Paul




Clusterheadaches.com Message Board » Powered by YaBB 1 Gold - SP 1.3.1!
YaBB © 2000-2003. All Rights Reserved.