To those running Win2k and WinXP....

Inactive threads from other boards are stored here.
Locked
User avatar
Tsukasa
Peanut Butter Mod
Posts: 1368
Joined: Wed Feb 05, 2003 7:30 am

To those running Win2k and WinXP....

Post by Tsukasa »

Wow. A non-.hack related announcement. Shock. o.o

However, it is semi-related, if you really wanna talk about virii and stuff...

However, this is a mildly serious note and I figured that I'd at least toss a notice for everyone to see, since the goal is to get this thing patched before the 16th. ^-^;;;

This is a worm virus called 'MS Blaster'... Well, I've heard a ton of names for it, but that's the main one people seem to come up with. It's mark, when it shows, is that it causes an error in the system's RPC and will trigger a message that says somethign to the extend of 'RPC Error. Windows will reboot in 30 seconds.'

And you can guess how that works. -_^

Nevertheless, the MS Blaster spreads itself by generating random IPs and trying to 'contact' them. Once it's made a link, it sends an exe file that then it activates from the infected machine. This is caused by a flaw in the Remote Procedure Call interface of Win2k and WinXP. Usually, the OS obviously has a distaste for that, and may often bring about the 'restart' message I mentioned above.

One method of preventing this worm from infecting your machine is by blocking ports UDP 69, TCP 135, and TCP 4444 with your firewall. Another method is by downloading a patch Microsoft has released to fix the RPC problem.

Come August 16th, this virus will then turn around and perform a DoS Attack on Windowsupdate.com from any machine it's located on. Now, I'm not a Microsoft fan, but if this virus is as widespread as Symantec has been claiming it to be, I think this may be messy. ^-^;;

Symantec has claimed this to be a code red, Category 4 threat, and this virus has already been mentioned on the US government's Homeland Security site as well. It looks to be like it's a nasty little thing, like I said. I personally know a handful of people who have had the virus already.

Nevertheless... that's the information. I've got a few more links here pertaining to it, including Microsoft's Security Bulletin. Anyway...

Symantec's Information Site -
http://www.symantec.com/avcenter/venc/d ... .worm.html

Microsoft Security Bulletin MS03-026-
http://www.microsoft.com/technet/treevi ... 03-026.asp

Homeland Security Information-
http://www.nipc.gov/warnings/advisories ... 302003.htm

Washington Post Article-
http://www.washingtonpost.com/ac2/wp-dy ... ge=printer
Budget Zen: When you see something so stupid that your mind goes blank rather than try to rationalize it.
Top
Locked

Return to “Cyberslum”