Poll: do you find this denz public service announcement to be helpful?
yes: 64% [ 9 ]
no. and i'm a moran.: 35% [ 5 ]
Total Votes : 14
|
| Author |
Message |
denz

Joined: 15 Jan 2003 Location: soapland. alternatively - the school of rock!
|
Posted: Mon Aug 11, 2003 8:49 pm Post subject: worm alert: 60 seconds until shutdown |
|
|
for anyone getting hit by that "60 second shut down" blast worm for windows XP, here is the remedy supplied by god (korean versions of XP only). you might have to change your encoding to korean to read this:
(1) install this patch: http://download.microsoft.com/download/e/3/1/e31b9d29-f650-4078-8a76-3e81eb4554f6/WindowsXP-KB823980-x86-KOR.exe
(2) it will reboot your computer after completing installation.
(3) after reboot. hit ctrl + alt + del => and terminate the "msblast.exe" program.
(4) then go to 시작 (start menu of Windows) => 실행 => type 'regedit' and hit enter. then registry window will pop up.
(5) browse to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (delete "windows auto update" / msblast.exe) if you find it.
denz public service announcement brought to you by god's short shorts.
english versions go here:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST.A
Last edited by denz on Mon Aug 11, 2003 10:08 pm; edited 1 time in total |
|
|
 |
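A check for the Run-key entry from step (5) of the post above, as an added example that is not part of denz's post: it parses saved `reg query` output for that key and flags the "windows auto update" value or any value whose data launches msblast.exe. The sample output is constructed, and the function names are this example's own.

```python
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
WORM_VALUE_NAME = "windows auto update"  # value name given in the post
WORM_IMAGE = "msblast.exe"               # file name given in the post

# Constructed sample of `reg query` output (not captured from a real host).
# ExampleTray and ExampleUpdater are made-up benign entries.
SAMPLE_REG_QUERY = """\
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run
    ExampleTray    REG_SZ    "C:\\Program Files\\Example\\tray.exe" /min
    windows auto update    REG_SZ    msblast.exe
    ExampleUpdater    REG_SZ    C:\\Tools\\notmsblast.exe /quiet
"""

# Value lines are indented: <name> <REG_type> <data>; names may contain spaces.
_VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")
# Match msblast.exe only as a whole file name, not as part of a longer name.
_IMAGE = re.compile(r'(?:^|[\\/"\s])' + re.escape(WORM_IMAGE) + r'(?=$|["\s])',
                    re.IGNORECASE)

def parse_run_values(text):
    """Return (name, type, data) for each value listed under RUN_KEY."""
    values, in_run_key = [], False
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # unindented line: a key header (or banner)
            in_run_key = line.strip().lower() == RUN_KEY.lower()
            continue
        m = _VALUE_LINE.match(line)
        if in_run_key and m:
            values.append((m.group(1), m.group(2), m.group(3).strip()))
    return values

def find_msblast_entries(text):
    """Return (name, data) for Run values matching the post's indicators."""
    return [(name, data) for name, _type, data in parse_run_values(text)
            if name.lower() == WORM_VALUE_NAME or _IMAGE.search(data)]

def removal_commands(hits):
    """Build the reg.exe command that deletes each flagged value."""
    key = "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    return ['reg delete "%s" /v "%s" /f' % (key, name) for name, _ in hits]

if __name__ == "__main__":
    for cmd in removal_commands(find_msblast_entries(SAMPLE_REG_QUERY)):
        print(cmd)
```

The same value can be deleted by hand in regedit as the post describes; the generated command is the command-line equivalent.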
denz

Joined: 15 Jan 2003 Location: soapland. alternatively - the school of rock!
|
Posted: Mon Aug 11, 2003 8:51 pm Post subject: |
|
|
or vote no like a suuuuuuuuucker!
denz |
|
|
 |
mishlert

Joined: 13 Mar 2003 Location: On the 3rd rock from the sun
|
Posted: Mon Aug 11, 2003 10:12 pm Post subject: |
|
|
The scary thing about the worm is that it allows an attacker to gain full access and execute any code on a target machine, leaving it compromised.
Source: Trend Micro |
|
|
 |
denz

Joined: 15 Jan 2003 Location: soapland. alternatively - the school of rock!
|
Posted: Mon Aug 11, 2003 10:17 pm Post subject: |
|
|
yesh indeed.
ibm (workplace of god) got hit this morning. those smart girls and boys at big blue nailed it pretty quick though:
there was a rat in the deep end, but we got 'im.
denz |
|
|
 |
the_beaver

Joined: 15 Jan 2003
|
Posted: Mon Aug 11, 2003 10:23 pm Post subject: |
|
|
| The computer at work was hit with this very virus today and tomorrow I can fix it. Denz, you rock. |
|
|
 |
Wombat
Joined: 28 May 2003 Location: slutville
|
Posted: Mon Aug 11, 2003 10:26 pm Post subject: |
|
|
I use a Mac! CHUMPS!
Wombat the Crafty. |
|
|
 |
camel96 Guest
|
Posted: Tue Aug 12, 2003 9:29 am Post subject: |
|
|
Kind of serves me right for not paying attention to other threads I guess.  |
|
|
 |
Walter Mitty

Joined: 27 Mar 2003 Location: Tokyo! ^.^
|
Posted: Tue Aug 12, 2003 10:48 am Post subject: |
|
|
| Wombat wrote: |
I use a Mac! CHUMPS!
Wombat the Crafty. |
Same here!
Hackers don't scare me.  |
|
|
 |
Bulsajo

Joined: 16 Jan 2003
|
Posted: Tue Aug 12, 2003 11:24 am Post subject: |
|
|
My home pc is sitting pretty, but at work.... this system is so full of bugs and crap I doubt one more worm would even be noticed...  |
|
|
 |
rudyflyer

Joined: 26 Feb 2003 Location: pacing the cage
|
Posted: Tue Aug 12, 2003 4:17 pm Post subject: |
|
|
question:
I'm running Norton Internet security and have my personal firewall up. Will I be OK? |
|
|
 |
FlagWaver
Joined: 12 Apr 2003
|
Posted: Tue Aug 12, 2003 4:49 pm Post subject: |
|
|
Add this to your reading list people.
http://isc.sans.org/diary.html?date=2003-08-11
| Quote: |
Handlers Diary August 11th 2003
Updated August 12th 2003 11:26 EDT
RPC DCOM WORM (MSBLASTER)
This RPC DCOM worm started spreading early afternoon EDT (evening UTC). At this point, it is spreading rapidly.
Increase in port 135 activity: http://isc.sans.org/images/port135percent.png
**********
NOTE: PRELIMINARY. Do not base your incident response solely on this writeup.
**********
Executive Summary:
A worm has started spreading early afternoon EDT (evening UTC Time) and is expected to continue spreading rapidly. This worm exploits the Microsoft Windows DCOM RPC Vulnerability announced July 16, 2003. The SANS Institute and Incidents.org recommend the following Action Items:
* Close port 135/tcp (and if possible 135-139, 445 and 593)
* Monitor TCP Port 4444 and UDP Port 69 (tftp) which are used by the worm for activity related to this worm.
* Ensure that all available patches have been applied, especially the