W32 blaster worm

[h82w8]

I just heard on the news that the person behind this is going to try some shit on saturday!

 

[posol]

any links to an article on that?

 

[tedwright]

2 pcs both running xp, keep rebooting themselves out of no where, like every 3 minutes. patch saved the day.

i have an ibook now, does this shit still effect me?

 

[Havok]

Jesus, pay the 25 bucks for auto updates fron Norton, I have no clue what you guys are talking about.

 

[posol]

no, its me, nt, 2k, xp, 2k3 server only. <98 and macs don't have the procudural call service to even get into in the first place

the good news, is that with all this going around today, people at work were talking about moving to linux

 

[tedwright]

Originally posted by pissedoffsol@Aug 13 2003, 01:48 AM
<98 and macs don't have the procudural call service to even get into in the first place

riiiiight......... :nods head and smiles as if i have a clue:

 

[posol]

well, thats what this virus goes after.. port 135, is the "administration tools" port for deployment. 98 and below don't have these.... so theres nothing to get hit

 

[tedwright]

ahhh good shit, apple>microsoft

 

[posol]

no, not really. lol hackers no know that one important uses an apple, so why bother

 

[tedwright]

huh?

 

[cxjon]

Originally posted by pissedoffsol@Aug 13 2003, 01:38 AM
no, not really. lol hackers no know that one important uses an apple, so why bother

No, not really. lol hackers know on one important uses an apple, so why bother

 

[CRX-YEM]

Originally posted by pissedoffsol@Aug 13 2003, 02:48 AM
no, its me, nt, 2k, xp, 2k3 server only. <98 and macs don't have the procudural call service to even get into in the first place

the good news, is that with all this going around today, people at work were talking about moving to linux

moving to linux will be mucho easier w/ novells new acquisition of Xiamian
Xiamian is a linux Desktop which runs all windows applications

 

[Havok]

Originally posted by 92CivicCx+Aug 13 2003, 09:04 AM-->

pissedoffsol

@Aug 13 2003, 01:38 AM
no, not really.  lol hackers no know that one important uses an apple, so why bother

No, not really. lol hackers know on one important uses an apple, so why bother

Jesus christ, you suys fucking suck.

No, not really, lol. Hackers know that no one important uses an apple, so why bother

 

[Bob Vila]

Originally posted by pissedoffsol@Aug 13 2003, 01:48 AM
no, its me, nt, 2k, xp, 2k3 server only. <98 and macs don't have the procudural call service to even get into in the first place

the good news, is that with all this going around today, people at work were talking about moving to linux

actually ME isnt part of that, since its 98 in disguise

 

[posol]

ME has the RPC port though, and thus it is vurnelarble

 

[mdlax1]

(quote symantec)

Systems Affected: Windows 2000, Windows XP
Systems Not Affected: Linux, Macintosh, OS/2, UNIX, Windows 95, Windows 98, Windows Me, Windows NT


(quote microsoft *like we trust them anyway*)

Affected Software:

Microsoft Windows NT® 4.0
Microsoft Windows NT 4.0 Terminal Services Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Serverâ„¢ 2003
Not Affected Software:

Microsoft Windows Millennium Edition


i dont think they are on the same port as 2000 and XP ( i think ) thas why it's not effected

Bri is this a random infection or is it infected by calling something if it's in the RPC it's random correct? pretty much when ever windows decides to do an update check?

if this is the case than theoretically everyone should get it on those systems? unless it's stampped out. how does it target a ip?

 

[NoJokE]

Originally posted by Afipunk21+Aug 13 2003, 10:22 AM-->

Originally posted by 92CivicCx@Aug 13 2003, 09:04 AM
pissedoffsol

@Aug 13 2003, 01:38 AM
no, not really.  lol hackers no know that one important uses an apple, so why bother

No, not really. lol hackers know on one important uses an apple, so why bother

Jesus christ, you suys fucking suck.

No, not really, lol. Hackers know that no one important uses an apple, so why bother

Jesus christ, you guys fucking suck.

 

[posol]

Originally posted by HybridRevolution@Aug 13 2003, 05:02 PM
Bri is this a random infection or is it infected by calling something if it's in the RPC it's random correct? pretty much when ever windows decides to do an update check?

if this is the case than theoretically everyone should get it on those systems? unless it's stampped out. how does it target a ip?

it comes from anywhere, and attacks you based on your IP number.

symantic had a write up on it...

Generates an IP address and attempts to infect the computer that has that address. The IP address is generated according to the following algorithms:

For 40% of the time, the generated IP address is of the form A.B.C.0, where A and B are equal to the first two parts of the infected computer's IP address.

C is also calculated by the third part of the infected system's IP address; however, for 40% of the time the worm checks whether C is greater than 20. If so, a random value less than 20 is subtracted from C. Once the IP address is calculated, the worm will attempt to find and exploit a computer with the IP address A.B.C.0.

The worm will then increment the 0 part of the IP address by 1, attempting to find and exploit other computers based on the new IP address, until it reaches 254.

 

[BodyDroppedNikes]

i got that damn virus yesterday evening and d/l that thing that Symantic has to scan the hd and get rid of it and now my pc is now clean. no problemo now

 

[lsvtec]

Be prepared to write any tool that you want.

Don't get me wrong I love linux for people that are computer literate, but it is the absolute wrong choice for someone that barely knows how to use a mouse.

Brian, every PC that I have updated (prior to this worm) has not had a problem, are you sure the patch from MS doesn't fix it?