Clusterheadaches.com Message Board
        (http://www.clusterheadaches.com/cgi-bin/yabb/YaBB.cgi)
      

        New Message Board Archives >> Jul-Sep 2003 >> W32.Blaster.Worm
        
(Message started by: Svenn on Aug 12th, 2003, 9:54am)
Title: W32.Blaster.Worm
Post by Svenn on Aug 12th, 2003, 9:54am
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

A new bastard is out

SHIT   :(:(:(:(

better update your antivirus&firewalls friends


Svenn
Title: Re: W32.Blaster.Worm
Post by Big_Dan on Aug 12th, 2003, 9:59am
Thanks for the update, Bro...

Already on it...



-Big Dan
Title: Re: W32.Blaster.Worm
Post by fubar on Aug 12th, 2003, 11:05am
Actually there are several new ones out.  Blaster is an interesting one... designed to infect your system with an attack against windowsupdate.com.  On the 1st and 16th of every month (and every day in the months of September to December) it will flood windowsupdate.com with attack traffic.

My guess is they are getting ready to exploit YET ANOTHER flaw in windows that there is not a patch for yet.

Folks, listen to me very carefully... I know there is a known flaw that Microsoft will be releasing a patch for, but right now it is a race.  If the hackers can flood windowsupdate before the patch comes out, then people will have an incredibly hard time getting the patch.  This means a LOT of systems will be hacked.  A lot.

Keep your eyes open for a patch from microsoft, and DO NOT HESITATE to install it.  You may not get more than one chance to install it.

I know this directly from microsoft.

-Fu
Title: Re: W32.Blaster.Worm
Post by jminmilwaukee on Aug 12th, 2003, 12:08pm
Yes, get the update!!!!

Funny, seems someone tried to warn this board about a week or so ago to do just that!

Could it be.......SATEN!!!! (Church lady quote for those who don't know)  ;D

Anyway, although I could say "told ya so" it just does not seem right at this point.

Do yourself and the internet a favor and patch that puppy!

jmin
Title: Re: W32.Blaster.Worm
Post by fubar on Aug 12th, 2003, 1:13pm
hmmm... jmin not only mentions SATAN (spelling corrected) in his post... he has, for his graphic, a painting called 'son of man', which is also another name for, er, SATAN.

Are you the church lady?
Title: Re: W32.Blaster.Worm
Post by Kirk on Aug 12th, 2003, 1:26pm
I thinkyou mean my post jmin. I don't think I'm SATAN
It is also known as:

Lovsan
Poza

It is an RPC DCOM Worm.

TTFN
Title: Re: W32.Blaster.Worm
Post by Mark C on Aug 12th, 2003, 2:06pm
Even our network at work is infected at the moment....and we have a pretty good IT dept.  :-/

This is getting ridiculious...

http://www.cert.org/advisories/CA-2003-20.html

http://www.washingtonpost.com/ac2/wp-dyn/A49575-2003Aug12?language=printer

http://www.dslreports.com/shownews/31258

http://www.zone-h.org/en/news/read/id=3220/





Scan your computer ports here. (http://www.pcflank.com/scanner1.htm) Make sure ports 135 & 139 are stealthed or closed, if open you need a firewall.

One of my favorite sites, http://grc.com also has some good security tools including a easy scanner to check port 135 here (https://grc.com/x/portprobe=135)


Go here (http://v4.windowsupdate.microsoft.com/en/default.asp) to update Windows...bear in mind its having a bunch of traffic right now but it was working as of 3:00 PM Tuesday.

I think I am going yo unplug my CAT 5 cable and go fishing till this crap is over...fucking script kiddies  >:(

Holler if you need help,

PFDAN's
Mark
Title: Re: W32.Blaster.Worm
Post by Kirk on Aug 12th, 2003, 2:37pm
This will probably be a bit quicker.

www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp

Yea herd thinners get ta movin hubba hubba go get em while they're hot.

Sorry to hear about the probs your IT department is having Marc. Tell them they have my sympathy. We are still trying to get M$ users covered under the ADA. Hang in there until then. We're pulling for ya!

TTFN

Kirk

Beer it's just not for breakfast anymore.
Title: Re: W32.Blaster.Worm
Post by Ueli on Aug 12th, 2003, 3:04pm
Yeah, traffic got heavy lately.

My firewall intercepted 180 attempts on port 135 in the last 12 hours, but hardly any up to yesterday.

Get a fucking firewall !

Ueli
Title: Re: W32.Blaster.Worm
Post by Drk^Angel on Aug 12th, 2003, 3:39pm
Damn... Update anti-virus, install patch, get a firewall... A shitload of things to do... How'd I find the time... Oh wait... Nevermind.  Already done... ;D

PFDAN.................................. Drk^Angel
Title: Re: W32.Blaster.Worm
Post by jonny on Aug 12th, 2003, 4:13pm
Thanks Mark and Svenn,

All ports scanned are stealthed, even 135 and 139 ;D

..............................jonny
Title: Re: W32.Blaster.Worm
Post by eyes_afire on Aug 12th, 2003, 5:19pm
Okay folks, excuse my ignorance but...

WTF are ports 135 & 139 and why should I care?

A firewall is beyong my reach at this time, it would probably cost more than my computer is worth.

--- Steve, still in the bronze age...
Title: Re: W32.Blaster.Worm
Post by jonny on Aug 12th, 2003, 5:23pm
Steve Bro,

Free firewall here
http://www.zonelabs.com/store/content/home.jsp

Its what I use and ive never been violated....(Let me rethink that)....LMAO ;D

...........................jonny
Title: Re: W32.Blaster.Worm
Post by jminmilwaukee on Aug 12th, 2003, 6:02pm
Kirk, the post below that I entered on July 31st is the one I am speaking of.

Saten, satan, tomato, tomoto.....yeah yeah. I make up for my lack of good grammer with charm and wit!  ;D

Serious, This is no minor deal. Berkley shut down their entire network on monday and said it will be up to 4 days before they are back online. I am currently securing a 5000 node network as we speak.

See below for my previous warning. And cheers. 8)

For The Non Believer - Comp Related
« on: Jul 31st, 2003, 11:31am »  Quote  Modify  Remove  

--------------------------------------------------------------------------------
http://www.cnn.com/2003/TECH/internet/07/31/internet.atttack.ap/index.ht ml

Better safe than sorry and don't say I did not warn you.

jmin


Title: Re: W32.Blaster.Worm
Post by eyes_afire on Aug 12th, 2003, 10:03pm
Thanks Jonny, I'll have to check it out.

--- Steve
Title: Re: W32.Blaster.Worm
Post by Opus on Aug 13th, 2003, 5:11pm
Here is a patch to stop one fatal flaw, I bet MS will come out with it's own in a coulple years but it will be a 5 meg download.

To patch a fatal hole in most windows OS's use this program. 95-XP

http://grc.com/UnPnP/UnPnP.htm

check out there other software, I havn't tested any.

http://grc.com/freepopular.htm


Opus/Paul


Clusterheadaches.com Message Board » Powered by YaBB 1 Gold - SP 1.3.1!
YaBB © 2000-2003. All Rights Reserved.