Full Version: Rpc Gets A Worm
SgtRush
http://securityresponse.symantec.com/avcen...aster.worm.html

It was inevitable, I wonder how long this will take to make the evening news. Even if it does I doubt any of the home user market will do what they need to do.
Black_hat
oh my god ! shit !
it's bad news :((

Please read my chat log .. it's about when I talked to the BitDefender.com AntiVirus company :)) it's so funny ;)
QUOTE


--------------------------------------------------------------------------------
Welcome Black_Hat! Please hold while we contact a representative. If a representative does not respond in a few seconds, then he/she is not available at this time.
--------------------------------------------------------------------------------
"give me information about new virus for RPC bug ? "
--------------------------------------------------------------------------------
** You are now speaking with Bob, Technical Support. **
Bob : Welcome to BitDefender Live Support, Black_Hat! Thank you for your interest in our security solution BitDefender.
Bob : How can I help you?
Black_Hat : please give me information about New worm for RPC bug?
Black_Hat : bitdefender can detect this virus ?
Black_Hat : Today Symantec published new alert for W32.Blaster.Worm
Black_Hat : W32.Blaster.Worm is a worm that will exploit the DCOM RPC vulnerability using TCP port 135. It will attempt to download and run a file, msblast.exe
Black_Hat : now i want to know Bitdefender AntiVirus can detect this ?
Bob : I guess we still lack a copy of this worm.
Bob : Do you have a copy of it?
Black_Hat : not for this time but i think we can find this worm on LAN network
Bob : Great. Thank you.
Bob : There is a patch from Microsoft for this issue:
Bob : http://www.microsoft.com/technet/treeview/...in/MS01-048.asp
Black_Hat : i should run this patch on over 250 machines ! it's not easy for this time
Bob : Sorry, not this link.
Bob : http://microsoft.com/technet/treeview/defa...in/MS03-026.asp
Bob :
Bob : This is the one.
Black_Hat : well if i find this worm how i can send this to you ?
Bob : Archive it with WinZip or WinRar and send it by e-mail at the address:
Bob : support@bitdefender.com
Black_Hat : Tanx Bob

Black_Hat
(((Bob : Welcome to BitDefender Live Support, Black_Hat! Thank you for your interest in our security solution BitDefender. )))

yes real Security Solution :))
Droezel
I think this worm is already spreading quickly. I see lots of peeps on fora that are infected. Their system keeps on rebooting every time they connect to the net.

netcomm
seems the DoS against win update was thrown in for good measure.

everyone had plenty of heads up.

so if you're infected ya have no one but yourself to blame..

NetComm
Osiris
Information tells me to run the firewall first, then connect, and download the patch, hopefully this works. Too bad I'm on Mac..... this is a little late, haha....silly people not doing simple windows update


Also, found more info at the following site:


http://www.washingtonpost.com/wp-dyn/artic...-2003Aug11.html
packet
Hey nice Avatar Osiris!

Hey, anyone know who the heck is calling this worm: Luvsan? My mother-in-law called me up and said hey what about this Luvsan worm all over the news? And I said, what? So I looked it up and I could only find a few references to the luvsan name.

--P.G.
G-Mik
The worm writer called it that, love his little note to bill gates below as well.

QUOTE
Worm blasts across the web


Many versions of Windows are at risk from MSBlast
A Windows worm dubbed MSBlast is quickly spreading across the net and swamping net connections as it looks for more vulnerable machines to infect.

On infected machines the malicious program also launches an attack against the Microsoft site that holds a software patch that keeps the worm out.

Security firms say the design of the worm is hampering its spread but warn that tens of thousands of computers could fall victim to it.

The vulnerability exploited by the worm has been known about for almost a month and net security organisations have been warning that it would soon be exploited.

Damage control

MSBlast is known as a worm because it can spread across the net by itself.

Once installed on a machine MSBlast, also called Lovsan, starts scanning for other vulnerable machines and this can swamp local net connections.


AFFECTED SYSTEMS
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0 Terminal Services Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003

Network Associates said that many home broadband users were reporting heavy traffic on their net connection as a result of being infected by the worm.

Security firm Symantec said that it had already found MSBlast on more than 57,000 machines.

The worm is likely to find a lot of hosts on the net as it exploits a vulnerability found in many different versions of Microsoft Windows.

The vulnerability exists in the way that Windows shares files across networks. The carefully crafted code of the worm swamps a memory buffer which forces a machine to carry out instructions hidden in the tail of the file.

As well as scanning for more machines to infect, MSBlast is also preparing to launch an attack on 16 August on Microsoft's Windows Update website where many people go to get software patches that close software vulnerabilities.


HOW TO AVOID MSBLAST
Keep anti-virus software up to date
Use a firewall on broadband connections
Apply patches to close vulnerabilities
Apply cleaning programs to infected machines

The vulnerability exploited by MSBlast was first discovered on 16 July and since then security firms, governments and alert services have been warning people that an attack was imminent.

Warnings grew more shrill as security firms reported that malicious hackers were starting to seek out machines that suffered the vulnerability that is now being exploited.

"The time between vulnerabilities being disclosed and exploits being created is decreasing, companies must have an efficient patch management process if they are to protect critical networks," said Graeme Pinkney, operations manager for Symantec. "Time is no longer on their side."

Those most likely to be affected are home users and small firms that tend not to be as diligent about computer security as large companies.

Security firms said that the worm is unlikely to spread as far as the recent Slammer worm but said it could rival 2001's Code Red worm which managed to infect 200,000 machines.

Symantec said that it was spreading about 20% of the speed of the Slammer worm when measured by the number of unique machines it was finding and infecting.

Hidden inside the worm are two messages. One taunts Microsoft chairman Bill Gates and reads: "billy gates why do you make this possible? Stop making money and fix your software!" The other is more cryptic and says: "I just want to say LOVE YOU SAN!"

Mephisto
it is evening news the worm
It is called Blaster Worm and it was on the news 2night

DAMN