
Thread: Windows worm starts its spread

  1. #1
    Aaron73153's Avatar

    <insert humor here>

    Join Date
    Apr 2002
    Location
    Whitness Protection Program
    Posts
    487

    Windows worm starts its spread

    A worm that takes advantage of what some security experts have called the most widespread Windows flaw ever has started spreading, fulfilling the predictions of many researchers.

    Dubbed "MBlast" by its author, the worm is spreading quickly, according to an initial analysis posted to the Internet Storm Center, a digital threat-tracking site. Ever since mid-July, when Microsoft announced a vulnerability in a widespread component of Windows, security experts have been waiting for some online vandal to create a worm that takes advantage of it.

    "It is pretty widespread," said Johannes Ullrich, chief technology officer for the Storm Center. "It is sort of getting to the point where it is causing some slowdown."

    Some system administrators posting to a mailing list run by the North American Network Operators' Group, a popular forum for engineers who maintain large networks, believe that as much as 10 percent of the data coming into their networks has been created by the worm.

    Full story here

    Patch info here
    "One would like to believe in the freedom of music."
    -Rush "Spirit of Radio"
    My profile in Cnet's "Three I can't live without"

  2. #2
    phalkon30's Avatar

    Jay Leno Geek

    Join Date
    Nov 2002
    Location
    Lacrosse, Wi.
    Posts
    4,214
    Thanks for the info, I doubt I'm at risk, but I'd rather not find out the hard way
    Help save lives by doing cancer research! Click here to see the Zeropaid.com UD member page. Please take a few minutes to sign up for our UD cancer research program, it uses idle cpu cycles to help fight cancer by helping to find new drugs. This thread has more info, or you can PM me with questions/comments. I hope to finish the guide on how to start using UD soon

  3. #3

    ZeroPaid Regular

    Join Date
    May 2002
    Posts
    3,546
    i have it right now. haha.
    nsap @ filesharingtalk.com

  4. #4

    account can be deleted

    Join Date
    Oct 2002
    Posts
    620
    Yup, firewall is busy blocking packets sent to port 135. Last week I saw more activity on the other two common RPC ports.

    As always folks, a firewall, an up to date virus scanner, and the latest software patches keep you out of trouble. Add to those items prudence and common sense and enjoy a trouble free computer experience.

  5. #5
    Aaron73153's Avatar

    <insert humor here>

    Join Date
    Apr 2002
    Location
    Whitness Protection Program
    Posts
    487
    yeah, phalkon, I'm sure you're fine, if you regularly update your system you're protected. I'm just surprised at the number of people that don't, and it can be done automatically, it baffles the mind that some people don't realize exactly how dangerous being online is.
    "One would like to believe in the freedom of music."
    -Rush "Spirit of Radio"
    My profile in Cnet's "Three I can't live without"

  6. #6

    Zeropaid Noob

    Join Date
    Jan 2003
    Location
    p2pconsortium.com i live
    Posts
    6,446
    it's not affecting windows 98 users but avg is a good virus scanner to use to protect against this and it's free.
    it contains a heuristics scanner built in, and can detect unknown viruses using various factors.
    nuff said.
    i love all

  7. #7
    d-koolest's Avatar

    Registered User

    Join Date
    Sep 2002
    Location
    Seattle(ish), WA
    Posts
    342
    What would you guys recommend I get for a firewall? I'm on a network of 2 computers connected to a DSL line by a wireless router.

  8. #8
    FreakinWeasel's Avatar

    Designated Jackass

    Join Date
    Feb 2003
    Location
    Santa Cruz, CA
    Posts
    348
    I wouldn't sweat it Dcool. That Dlink router has pretty good built in security. I checked it out when I first got mine and in normal operating mode I went to some website www.dslreports.com and in their tools section is a bot that checks your ports for breaches and it found none. Now when you set up to share files and you will share files :^) you have to sometimes set up special ports to open for that app. PM me if you need help in that area.
    Want an alternative to the daily grind?
    Integrity P2P All things p2p
    P2PForums p2p community discussion
    Beatking Music Forums Your music source
    The Big Hack p2p political satire and copyright destruction

    Variety is the spice of life!

    Love your enemies for they will tell you your faults - Ben Franklin

  9. #9
    d-koolest's Avatar

    Registered User

    Join Date
    Sep 2002
    Location
    Seattle(ish), WA
    Posts
    342
    I will. I actually don't have it set up yet but I'm gonna in about a week. Most of it's in the mail. Hope everything works.:wings

  10. #10
    Krell's Avatar

    worthless dirtball

    Join Date
    Sep 2002
    Posts
    9,759
    I patched one machine, left the other unpatched, and just as I finished a movie to switch to the unpatched machine, it was rebooting. I viewed the event log:

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7031
    Date: 8/11/2003
    Time: 9:58:31 PM
    User: N/A
    Computer: BLACK-OPS
    Description:
    The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    Event Type: Information
    Event Source: DrWatson
    Event Category: None
    Event ID: 4097
    Date: 8/11/2003
    Time: 9:58:30 PM
    User: N/A
    Computer: BLACK-OPS
    Description:
    The application, C:\WINDOWS\system32\svchost.exe, generated an application error The error occurred on 08/11/2003 @ 21:58:30.530 The exception generated was c0000005 at address 0018759F (<nosymbols>)

    Event Type: Error
    Event Source: EventSystem
    Event Category: (50)
    Event ID: 4609
    Date: 8/11/2003
    Time: 9:59:41 PM
    User: N/A
    Computer: BLACK-OPS
    Description:
    The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BF from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.


    I haven't researched the events yet, but don't take any chances.
    This machine was running a firewall, well configured. Use the Windows updates, and keep your antivirus up to date also.
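
Added example (not part of the post above or of the thread): one way to triage text event-log exports like the one quoted in post #10 is to pair an RPC-service Event ID 7031 with a svchost.exe c0000005 crash on the same host. The 60-second window, the function names and the sample hostnames are assumptions; a hit marks a host to check for the missing patch, it does not confirm infection.

```python
import re
from datetime import datetime, timedelta
# Constructed sample in the layout of the log in post #10; hostnames are made up.
SAMPLE = r"""
Event Type: Error
Event Source: Service Control Manager
Event ID: 7031
Date: 8/11/2003
Time: 9:58:31 PM
Computer: HOST-A
Description:
The Remote Procedure Call (RPC) service terminated unexpectedly.

Event Type: Information
Event Source: DrWatson
Event ID: 4097
Date: 8/11/2003
Time: 9:58:30 PM
Computer: HOST-A
Description:
The application, C:\WINDOWS\system32\svchost.exe, generated an application error. The exception generated was c0000005 at address 0018759F

Event Type: Error
Event Source: Service Control Manager
Event ID: 7031
Date: 8/12/2003
Time: 1:15:00 PM
Computer: HOST-B
Description:
The Print Spooler service terminated unexpectedly.
"""

def parse_events(text):
    """Yield one dict per 'Event Type:' record of a text event-log export."""
    for chunk in re.split(r"(?m)^(?=Event Type:)", text):
        head, _, desc = chunk.partition("Description:")
        ev = dict(re.findall(r"(?m)^([A-Za-z ]+?):[ \t]*(\S.*?)[ \t]*$", head))
        if "Event ID" in ev:  # skips the empty chunk before the first record
            ev["Description"] = " ".join(desc.split()).lower()
            ev["When"] = datetime.strptime(f"{ev['Date']} {ev['Time']}", "%m/%d/%Y %I:%M:%S %p")
            yield ev

def rpc_crash_hosts(events, window=timedelta(seconds=60)):
    """Hosts where an RPC-service 7031 and a svchost.exe c0000005 fall within `window`."""
    events = list(events)
    rpc = [e for e in events if e["Event ID"] == "7031" and "(rpc) service" in e["Description"]]
    av = [e for e in events if "svchost.exe" in e["Description"] and "c0000005" in e["Description"]]
    return sorted({r["Computer"] for r in rpc for a in av
                   if a["Computer"] == r["Computer"] and abs(r["When"] - a["When"]) <= window})
```

Event ID 7031 is logged for any service that dies unexpectedly, which is why the Print Spooler record on HOST-B is not flagged.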

  11. #11
    wingnut2600's Avatar

    Reaping what I sow...

    Join Date
    Jul 2002
    Location
    Oaktown
    Posts
    1,781

    This is going to be huge...

    I enjoy watching when things go awry and so far tonight I have watched news reports and info blast across the net like nothing else.

    I saw on one site that hundreds of thousands of users will be infected by the end of this week. I am really interested to see the mainstream news reports tomorrow and to see how this will all play out.

    This virus is supposed to focus an attack on the Windowsupdate.com site on Saturday, I am interested to see what happens then...
    "There's a passage I got memorized. Ezekiel 25:17... I been sayin' that shit for years. And if you ever heard it, it meant your ass. I never really questioned what it meant. I thought it was just a cold-blooded thing to say to a motherfucker before you popped a cap in his ass. But I saw some shit this mornin' made me think twice… The truth is you're the weak. And I'm the tyranny of evil men. But I'm tryin', Ringo. I'm tryin' real hard to be a shepherd."

  12. #12

    The One And Only!

    Join Date
    Apr 2002
    Location
    Pittsburgh PA
    Posts
    402
    well i'm safe, still running windows me haha
    Currently using eMule/BT/SLSK

    Computer specs: Pathetic..need to buy new one

    i'll finish my sites one day LOL
    http://www.cardomain.com/id/BiZnOs79regal
    http://myspace.com/bizno

  13. #13
    thongsai's Avatar

    ZeroPaid Regular

    Join Date
    Oct 2002
    Posts
    267
    yea i just helped a dude get thru this.. just delete the file in c:/windows/system32 and also delete its registry file in the run

  14. #14
    .::BeatFactory::.'s Avatar

    The man, the myth,...

    Join Date
    Dec 2002
    Location
    Houston, TX
    Posts
    738
    I haven't researched the events yet, but don't take any chances.
    This machine was running a firewall, well configured. Use the Windows updates, and keep your antivirus up to date also.
    Let me know what the deal was with this, b/c I just got back a few hours ago from my bro's house and was fixing it b/c it was going haywire.

    Come to find out, (after patching XP, updating virus definitions, and spybot) PC-Cillin 2000 caught the MSBlaster.exe in the C:/Windows/System folder and quarantined it as it was not "deleteable" at the time. At the same time, I also got the message you got. The machine rebooted in 1 minute.

    He was running ZoneAlarm Pro, PC-Cillin w/ outdated definitions, on an XP machine (also a bit unpatched). I don't understand how he got it on his machine but he did.

  15. #15
    thongsai's Avatar

    ZeroPaid Regular

    Join Date
    Oct 2002
    Posts
    267
    u cant delete the file until u end process in the task manager
