Cable Forum

Cable Forum (https://www.cableforum.uk/board/index.php)
-   Internet Discussion (https://www.cableforum.uk/board/forumdisplay.php?f=25)
-   -   Merged: W32 Blaster Virus (https://www.cableforum.uk/board/showthread.php?t=1826)

distortal 13-08-2003 10:27

Quote:

Originally posted by timewarrior2001
I don't know how many people would be interested in your application, I may be, but firstly I'd have to enquire who you work for
I run a website design company but, because it grew from a hobby, I also have an interest in PC Security. I get to play with nice pieces of kit at my company's expense and I currently lurk behind a D-Link DI-614+.

The program came about from a discussion with a friend of mine who writes shareware in VB and who was getting hammered as well. It started out as an intellectual exercise really, and once we found a way to get a message back to infected people then it kinda grew from there into a small app you can run on your desktop.

One thing to note: Most of the machines hitting us don't appear to be protected at all. You can access the drives remotely using 'backslash-backslash-ip' (eg: \\11.22.33.44) and most of them will show a list of shared directories, so it turns out that this worm is advertising open machines.

Just doing our part :)

Alan Waddington 13-08-2003 10:28

I did consider 'net send'ing to folks during the worst of the Bugbear attacks, but refrained after having had a bad experience after replying to the sender of an email virus.

In that case, the recipient of my well-meaning note thought that I'd caused the virus infestation of his PC, rather than being the recipient of the virus email that he had sent. He thoughtfully copied his flame to the postmaster at my ISP. Fortunately my ISP had better sense than to get involved.

On a more positive note, the Messenger service displays your machine name rather than your IP address (I think), so Mr Angry would be unlikely to be in contact.

Yours cautiously,
Alan

distortal 13-08-2003 10:29

Quote:

Originally posted by duncant403
I had 140 in the space of an hour...
Is that today? Yesterday was extremely busy but this morning I'm down to 43 in the last hour.

zoombini 13-08-2003 10:37

Quote:

Originally posted by distortal

One thing to note: Most of the machines hitting us don't appear to be protected at all. You can access the drives remotely using 'backslash-backslash-ip' (eg: \\11.22.33.44) and most of them will show a list of shared directories, so it turns out that this worm is advertising open machines.

Hmm, I can see plenty of wannabe hackers taking advantage of this then, going through their firewall logs and finding out whose PC they can visit.

BenH 13-08-2003 10:47

Quote:

Originally posted by distortal
Is that today? Yesterday was extremely busy but this morning I'm down to 43 in the last hour.
I'm starting to feel a bit jealous, I've had none as of this morning. But then again I am behind layered firewalls beginning with a D-Link 614+ and ending with SuSE firewall.

Ah Well :-)

Regards,

Ben

Alan Waddington 13-08-2003 10:48

Quote:

Originally posted by zoombini
Hmm, I can see plenty of wannabe hackers taking advantage of this then, going through their firewall logs and finding out whose PC they can visit.
I had hoped that people would have wised up after the Bugbear attacks.

timewarrior2001 13-08-2003 10:51

Quote:

Originally posted by distortal
I run a website design company but, because it grew from a hobby, I also have an interest in PC Security. I get to play with nice pieces of kit at my company's expense and I currently lurk behind a D-Link DI-614+.

The program came about from a discussion with a friend of mine who writes shareware in VB and who was getting hammered as well. It started out as an intellectual exercise really, and once we found a way to get a message back to infected people then it kinda grew from there into a small app you can run on your desktop.

One thing to note: Most of the machines hitting us don't appear to be protected at all. You can access the drives remotely using 'backslash-backslash-ip' (eg: \\11.22.33.44) and most of them will show a list of shared directories, so it turns out that this worm is advertising open machines.

Just doing our part :)

Excellent, I have a few friends that are computer illiterate and think that a virus scanner and firewall are for paranoid people.
How I could have strangled them last night when they came screaming for help.
Your app may have come in handy, then they could sort it for themselves.

distortal 13-08-2003 10:55

I've just got a jump in port 4444 scans, and for some reason I'm getting a lot of port 3's from a single IP and 62002's from another - anyone else seeing this?

distortal 13-08-2003 10:58

Quote:

Originally posted by BenH
I'm starting to feel a bit jealous, I've had none as of this morning. But then again I am behind layered firewalls beginning with a D-Link 614+ and ending with SuSE firewall.

In the router config, go to the Status tab, click on Log and then the grey Log Settings button. Tick all the checkboxes, enter smtp.ntlworld.com as the SMTP server and an email address in the other box. You should receive an email every time the log fills up - which it will. :D

BenH 13-08-2003 11:38

Quote:

Originally posted by distortal
In the router config, go to the Status tab, click on Log and then the grey Log Settings button. Tick all the checkboxes, enter smtp.ntlworld.com as the SMTP server and an email address in the other box. You should receive an email every time the log fills up - which it will. :D
One of the first things I did when I got the router, the only activity is when I either ssh into my box or connect via my handheld. No activity on ports 135 or 4444 whatsoever.

Looks like I've beaten the odds so far on the probes, still I'll check again tonight and run netstat JIC

Regards,

Ben

hawkmoon 13-08-2003 12:45

Quote:

Originally posted by BenH
The principal problem with windows update is the sheer number of patches you need to install. Broadband is practically a requirement for XP users.

SuSE however, well look here:

http://www.suse.co.uk/uk/private/sup...ity/index.html

There have been 9 updates in the last five months, 10 if you include the kernel patch I'm expecting sometime today and is already available via YaST.

What more do I need to say?

Regards,

Ben

Well that is funny - Broadband was a requirement for both my Redhat and Mandrake installs. After install the first updates (security) added up to around 40 - 60Mb for each Distro!

Fine if you want to sit back being complacent thinking it will never happen to me - so be it.

This is the last I am going to say on the matter as it is clear that you seem to think you are invulnerable to any exploit or virus!

distortal 13-08-2003 12:45

I'm responding to 135 and 4444 with the messages so they don't appear in the router logs, but I'm getting loads of scans on port 3 which, according to GRC.com, is "compressnet, Compression Process". I seem to get a block of scans/attempts all from the same IPs, currently 80.0.190.120 and 80.1.192.146 - what the...?
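
The tallying the posters in this thread are doing by eye (probes per hour on ports 135 and 4444, plus a single address hammering an odd port such as 3), as an added example that is not part of the original thread or of distortal's program. The log format, addresses and function names are constructed for illustration; the router's real log layout is not shown on this page.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Ports the thread ties to Blaster probes.
BLASTER_PORTS = {135, 4444}

# Constructed sample log: hypothetical format, documentation-range addresses.
SAMPLE_LOG = """\
2003-08-13 10:01:07 DROP TCP 198.51.100.7:1034 -> 192.0.2.10:135
2003-08-13 10:03:44 DROP TCP 198.51.100.9:2211 -> 192.0.2.10:135
2003-08-13 10:15:02 DROP TCP 198.51.100.7:1036 -> 192.0.2.10:4444
2003-08-13 10:41:30 DROP TCP 203.0.113.20:4000 -> 192.0.2.10:3
2003-08-13 10:41:31 DROP TCP 203.0.113.20:4001 -> 192.0.2.10:3
2003-08-13 10:41:33 DROP TCP 203.0.113.20:4002 -> 192.0.2.10:3
2003-08-13 10:52:10 DROP TCP 203.0.113.55:4100 -> 192.0.2.10:62002
-- log mailed, buffer cleared --
2003-08-13 11:02:19 DROP TCP 198.51.100.31:1500 -> 192.0.2.10:135
2003-08-13 11:05:00 DROP ICMP 203.0.113.81 -> 192.0.2.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) DROP (?:TCP|UDP) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):\d+ -> "
    r"\d{1,3}(?:\.\d{1,3}){3}:(?P<dport>\d+)$"
)


def parse_log(text):
    """Return (events, skipped); each event is (hour, src_ip, dst_port).

    Lines without a destination port (ICMP, separators) are counted as skipped
    rather than silently dropped, so gaps in the tally are visible.
    """
    events, skipped = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None or int(m["dport"]) > 65535:
            skipped += 1
            continue
        try:
            src = str(ipaddress.ip_address(m["src"]))
        except ValueError:  # e.g. an octet above 255
            skipped += 1
            continue
        hour = m["ts"][:13] + ":00"
        events.append((hour, src, int(m["dport"])))
    return events, skipped


def hourly_port_counts(events):
    """Count dropped probes per (hour, destination port)."""
    return Counter((hour, port) for hour, _src, port in events)


def blaster_sources(events):
    """Sources probing 135/4444: the likely-infected machines worth notifying."""
    srcs = {src for _hour, src, port in events if port in BLASTER_PORTS}
    return sorted(srcs, key=ipaddress.ip_address)


def single_source_ports(events, min_hits=3):
    """Non-Blaster ports where every hit comes from one address."""
    by_port = defaultdict(Counter)
    for _hour, src, port in events:
        if port not in BLASTER_PORTS:
            by_port[port][src] += 1
    result = {}
    for port, srcs in by_port.items():
        if len(srcs) == 1:
            ((src, hits),) = srcs.items()
            if hits >= min_hits:
                result[port] = (src, hits)
    return result


if __name__ == "__main__":
    evs, bad = parse_log(SAMPLE_LOG)
    for (hour, port), n in sorted(hourly_port_counts(evs).items()):
        print(f"{hour}  port {port:<5}  {n} probes")
    print("Blaster-port sources:", blaster_sources(evs))
    print("Single-source ports:", single_source_ports(evs))
    print("Unparsed lines:", bad)
```
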

BenH 13-08-2003 13:18

Quote:

Originally posted by hawkmoon

Fine if you want to sit back being complacent thinking it will never happen to me - so be it.

This is the last I am going to say on the matter as it is clear that you seem to think you are invulnerable to any exploit or virus!

Now you're putting words into my mouth. At no point have I said that I am invulnerable to exploits and viruses, at no point have I said that I am complacent. I am anything but and have just spent the morning updating several SuSE pro servers and one SLOX machine.

I have been saying that due to the nature by which Linux has been created and the security models used, that it offers far, far superior protection against viruses and has far fewer actually useful exploits than its competitor. You have been responding with inane statements and worthless generalities, at no time countering the points I raised.

Edit: For the spectators :) The 40 - 60 Meg downloads our helldesk slave is referring to include things such as an optimised kernel (20Megs easy), Product updates (not security related), Drivers that are not allowed to be commercially distributed (such as nVidia), Font packs (such as MS's) a few additional programs that they would have liked to include on the disks but left off by mistake or due to lack of space and updates and security patches for _every_ piece of software that the update manager can detect.

This doesn't even remotely compare with windows update which only offers critical fixes and MS only product updates, complete with altered EULAs.

Regards,

Ben

BenH 13-08-2003 13:19

Quote:

Originally posted by distortal
I'm responding to 135 and 4444 with the messages so they don't appear in the router logs, but I'm getting loads of scans on port 3 which, according to GRC.com, is "compressnet, Compression Process". I seem to get a block of scans/attempts all from the same IPs, currently 80.0.190.120 and 80.1.192.146 - what the...?
Anybody else waiting for the scream? :D

Regards,

Ben

duncant403 13-08-2003 14:03

Quote:

Originally posted by distortal
Is that today? Yesterday was extremely busy but this morning I'm down to 43 in the last hour.
No that was yesterday, between 1700 and 1800.

Shaun 13-08-2003 14:40

Well between 14.36 and 15.36 I have had 56 on port 135 and I can't seem to get Kazaa Lite or Piolet to connect, but Overnet seems to work fine. Do you think it could be connected?

keithwalton 13-08-2003 14:48

well I'm glad now that I'm with an isp that knows what they are doing and not ntl, as soon as this virus started lurking its head my isp (plusnet) blocked the two ports involved on their end so that even vulnerable machines won't get infected as no data can get through. They then let us know that they had done this and recommended on getting the updates as well.

If anyone wants to move over to them now let me know as they do a referral scheme which gives you a discount off your bill for referring someone else to them :-)

K

Ps about linux, the reason you don't see many updates for them is because they update entire distros frequently, suse 8.2 is only a few months old 8.1 is less than a year old etc

distortal 13-08-2003 14:55

Quote:

Originally posted by BenH
Anybody else waiting for the scream? :D
Is there something I should know? :)

The program is available online btw:
http://www.tnk-bootblock.co.uk/prods...terBlaster.zip

Chimaera 13-08-2003 16:38

Quote:

Originally posted by distortal
Is that today? Yesterday was extremely busy but this morning I'm down to 43 in the last hour.
I've lost count of the number I've had - stopped counting at 50 (in 25 minutes). Have scanned my pc for viruses and it's ok, and have up to date McAfee - will that do? :confused:

hawkmoon 13-08-2003 16:48

Quote:

Originally posted by BenH


Edit: For the spectators :) The 40 - 60 Meg downloads our helldesk slave is referring to include things such as an optimised kernel (20Megs easy), Product updates (not security related), Drivers that are not allowed to be commercially distributed (such as nVidia), Font packs (such as MS's) a few additional programs that they would have liked to include on the disks but left off by mistake or due to lack of space and updates and security patches for _every_ piece of software that the update manager can detect.


If you take another read of what I wrote very carefully you will notice that I said that the 40-60Mb updates WERE SECURITY RELATED! The full update including non-security related came to over 150Mb! Oh and there was no optimized kernel included in those downloads.

Just for the record I do not do helpdesk. Not all support analysts are helpdesk. I am actually part of system services which looks after servers - no user interaction at all.

marcsparks2002 13-08-2003 17:05

my mate had this last nite all sorted within a few minutes thanks to the valuable info here :D (well i had to sort it for him) all because he took his firewall off because it blocked him on msn what a dope :rolleyes: btw anyone know why i keep gettin icmp echo requests (ping) from an 81 range ip, had 7 today and about the same last nite, zonealarm is showing them in the log ....atb marc

BenH 13-08-2003 17:25

Quote:

Originally posted by distortal
Is there something I should know? :)



Well your last post ended rather ominously, kind of 'the router has just burst into flames' ending :)


Quote:

The program is available online btw:
http://www.tnk-bootblock.co.uk/prods...terBlaster.zip
Well Done!! Regrettably I'm severely allergic to VB :D

Regards,

Ben

BenH 13-08-2003 18:27

Quote:

Originally posted by hawkmoon
If you take another read of what I wrote very carefully you will notice that I said that the 40-60Mb updates WERE SECURITY RELATED! The full update including non-security related came to over 150Mb! Oh and there was no optimized kernel included in those downloads.



Then perhaps you should switch your distro. I had to do a clean install of SuSE 8.2 last week due to me rendering it unbootable playing about with the kernel. Install and update took me a total of 45 mins.

And again, I note that you are completely ignoring the points I raised in my previous posts.

Quote:

Just for the record I do not do helpdesk. Not all support analysts are helpdesk. I am actually part of system services which looks after servers - no user interaction at all.
I can well imagine that they wouldn't let you interact with customers.

Maggy 13-08-2003 18:33

Excuse me! Is this the thread for merged: W32 Blaster Virus? Only it's hard to tell due to the fact of you two being all macho about OS's. How about continuing this spat in private?

Thank you.

Incog.:cool:

DeadKenny 13-08-2003 18:59

Quote:

Originally posted by Lord Nikon
Plus when a new linux kernel is released, that is what it is... new

Looking at this recent exploit that has come to light...

Affected Versions....

NT 4 circa 1995?
Windows 2000 2000
Windows XP 2001
Windows 2003 2003

So the issue has existed for 8 years across 4 platforms..

How much legacy code do they blindly copy between versions?

If it ain't broke don't fix it... well until someone spots the flaw 8 years down the line ;).

I get extremely concerned about the number of kernel updates with Linux (many security related, especially the ICMP flaw). This is the core of the operating system and should be solid and stable with no need to update on a regular basis. What's so cool about having a "new" kernel all the time? I update a lot of stuff on RedHat without worrying too much, but the kernel updates I investigate thoroughly just to see what's been changed.

That's what I like about the NT line of Windows. It's still good old solid NT kernel underneath that I can trust and each version builds on its core stability. The bugs are all with the add-ons. Sure, they are considered "part" of the OS because Microsoft wrote them all (or at least bought the companies that did ;)). It's no different with Linux apart from who "owns" what. It's still a core kernel and OS and then other apps on top.

As a developer in a commercial environment, I hate open-source. It really slows down the development process and you end up fixing everyone else's bugs just to get things working, which ultimately costs the company more in man-hours. I've experienced this a lot and I'd much rather the company pays for a commercial product, thoroughly tested by professionals, with certification and decent QA (rather than testing by 1000s of 12 year olds who don't have huge salaries and a job at stake as their incentive to ensure quality ;)

DeadKenny 13-08-2003 19:05

Quote:

Originally posted by Incognitas
Excuse me! Is this the thread for merged: W32 Blaster Virus? Only it's hard to tell due to the fact of you two being all macho about OS's. How about continuing this spat in private?


It happens every time a security flaw occurs in Windows.

I use Windows (NT,2k,XP), Linux, Solaris and AIX, and they all have their flaws including security flaws. I know which I prefer, but that's my preference. However you won't find Windows users getting smug about their OS every time a security hole is found in Linux.

Just the way it is really. Bill has made a heck of a lot of money, many of us have nicely paid jobs thanks to him, and I guess some people can't accept that.

:shrug:

darant 13-08-2003 19:08

Quote:

Originally posted by DeadKenny
It happens every time a security flaw occurs in Windows.

I use Windows (NT,2k,XP), Linux, Solaris and AIX, and they all have their flaws including security flaws. I know which I prefer, but that's my preference. However you won't find Windows users getting smug about their OS every time a security hole is found in Linux.

Just the way it is really. Bill has made a heck of a lot of money, many of us have nicely paid jobs thanks to him, and I guess some people can't accept that.

:shrug:

Well done that man. Well, Bill pays my wages and we also get hit by the same things as everyone else here. Viral etc. As I said before, everything is open to exploitation whether it be Microsoft, Linux, Solaris.

Ramrod 13-08-2003 19:09

Quote:

Originally posted by Chimaera
Have scanned my pc for viruses and it's ok, and have up to date McAffee - will that do? :confused:
Hope so, that's what I've got :D
....you do have McAfee firewall as well?

hawkmoon 13-08-2003 19:11

Quote:

Originally posted by BenH
Then perhaps you should switch your distro. I had to do a clean install of SuSE 8.2 last week due to me rendering it unbootable playing about with the kernel. Install and update took me a total of 45 mins.

And again, I note that you are completely ignoring the points I raised in my previous posts.



I can well imagine that they wouldn't let you interact with customers.

Can you keep the personal insults out of this please.

What my job entails and whether I am good at customer care / services is not really any of your business. I have done low level tech support and worked my way up to a more senior position with a very good proven track record.

Plus trying to cast aspersions on my abilities is not the best way to win an argument - as they say those who resort to insults tend to have lost the argument.

Yes I am ignoring the points as I just don't desire to argue with you about how perfect Linux is anymore! It is getting very boring.

Ramrod 13-08-2003 19:12

Quote:

Originally posted by Incognitas
Excuse me! Is this the thread for merged: W32 Blaster Virus? Only it's hard to tell due to the fact of you two being all macho about OS's. How about continuing this spat in private?

Thank you.

Incog.:cool:

Absa-fu*kin-lutely:D

hawkmoon 13-08-2003 19:14

Quote:

Originally posted by Incognitas
Excuse me! Is this the thread for merged: W32 Blaster Virus? Only it's hard to tell due to the fact of you two being all macho about OS's. How about continuing this spat in private?

Thank you.

Incog.:cool:

Sorry Incog - didn't really mean to drag this into a Win v Linux war.

I just get a little sick and tired of fixing problems by those who have got complacent and think that nothing serious will happen to them, regardless of whether they run Win, Unix, BSD-based or Linux.

hawkmoon 13-08-2003 19:20

Quote:

Originally posted by darant
Well done that man. Well, Bill pays my wages and we also get hit by the same things as everyone else here. Viral etc. As I said before, everything is open to exploitation whether it be Microsoft, Linux, Solaris.
This is what I have been trying to say.

Trust me I am not a foaming at the mouth Windows can do no wrong devotee - I know it has major flaws, just as all OS's have.

I obviously made a mistake and took the bait - and for that I apologize to everyone else on this thread. :o

This is definitely the last I am going to say on the matter.

hawkmoon 13-08-2003 19:34

Right back on topic - sort of anyway.

I hope the majority of you have patched yourselves now.

The same exploit that the blaster virus uses can also be used by a third party to open a remote desktop session - once they have changed the password for the admin account (which is another reason why you should rename the default admin account).

Also the next gen of RPC exploit viruses will have much more devastating payloads - although this one will very likely hit MS pretty hard.

danielf 13-08-2003 19:44

It's still going like crazy. I consistently get about 20 in ten minutes. I am very happy with my router ;)

BenH 13-08-2003 19:51

Quote:

Originally posted by DeadKenny
I get extremely concerned about the number of kernel updates with Linux (many security related, especially the ICMP flaw). This is the core of the operating system and should be solid and stable with no need to update on a regular basis. What's so cool about having a "new" kernel all the time? I update a lot of stuff on RedHat without worrying too much, but the kernel updates I investigate thoroughly just to see what's been changed.
The kernel is under constant development 24 hours a day; as a result the development cycle is way, way faster than a commercial program, hence there can be 2 kernels released in a single week. However you do not have to install them or even patch them. One of our Postgre servers is still running on 2.4.6/SuSE 7.3 without any stability problems and has been running non-stop since it was turned on 18 months ago.


Quote:

That's what I like about the NT line of Windows. It's still good old solid NT kernel underneath that I can trust and each version builds on its core stability. The bugs are all with the add-ons. Sure, they are considered "part" of the OS because Microsoft wrote them all (or at least bought the companies that did ;)). It's no different with Linux apart from who "owns" what. It's still a core kernel and OS and then other apps on top.
Solid, Stable, Trust and NT do not belong in the same sentence. NT is essentially a fancy microkernel similar to the Hurd, Linux is monolithic. Monolithic kernels are inherently stable due to the lack of intercommunication between the processes. Sure they've come a long way from NT4 to NT5.1, but the uptimes don't even begin to compare.

Also you've failed to say why MS marketing department (which let's face it is the real success of the company) had NT 5 renamed to 2000...


Quote:

As a developer in a commercial environment, I hate open-source. It really slows down the development process and you end up fixing everyone else's bugs just to get things working, which ultimately costs the company more in man-hours. I've experienced this a lot and I'd much rather the company pays for a commercial product, thoroughly tested by professionals, with certification and decent QA (rather than testing by 1000s of 12 year olds who don't have huge salaries and a job at stake as their incentive to ensure quality ;)
And here we come to the rub, let me guess, you're a .NET developer. The same .NET that Gartner pointed out was a huge security nightmare.

Well I'm also a developer, mainly for 8 and 16 bit microprocessors using C and ASM for R&D companies and I can categorically state that open source software is by far superior to its closed source equivalent. GCC and GDB are frikkin godsends (and this is from an Atheist). OOo outperforms Office without breaking a sweat. MySQL and Postgre walk all over SQL Server because they actually follow the ANSI standards, likewise with Mozilla and likely Chandler. A couple of months back I saved an art department £30K by showing them the GIMP for 15 mins rather than Photoshop. Heck you can now even get groupware free thanks to skyrix from http://opengroupware.org . Apache runs some 60+% of the world's webservers, compared to IIS 30%. The list goes on and on.

As for your claims of testing, well I guess you never heard of the OSDL? Or the way IBM, Oracle, Novell, SUN et al are fully behind linux and do a lot of the testing in conjunction with the major distros. In fact the only major software company that isn't backing Linux is your paymaster. They're too busy being afraid of it and using others to spread FUD.

The only 12 year olds writing wild code are the script kiddies making your paymaster's customers'/victims' life unpleasant. :)

Regards,

Ben

BenH 13-08-2003 19:57

Quote:

Originally posted by hawkmoon
Can you keep the personal insults out of this please.

What my job entails and whether I am good at customer care / services is not really any of your business. I have done low level tech support and worked my way up to a more senior position with a very good proven track record.

Plus trying to cast aspersions on my abilities is not the best way to win an argument - as they say those who resort to insults tend to have lost the argument.

Yes I am ignoring the points as I just don't desire to argue with you about how perfect Linux is anymore! It is getting very boring.

So in other words, you cannot give any intelligent counters to the points I raised, I'm a nasty horrible person, and you're running away.

How very irritating, as I would like to know where I said that Linux was perfect, but I would guess that you would have ignored that as well and continue whining about how horrible a person I am.

BenH 13-08-2003 20:03

Quote:

Originally posted by Incognitas
Excuse me! Is this the thread for merged: W32 Blaster Virus? Only it's hard to tell due to the fact of you two being all macho about OS's. How about continuing this spat in private?

Thank you.

Incog.:cool:

It's a continuation of a thread from about 2 merges ago.

My apologies for the amount of noise it's generating, it's just that I do not like to see people post half truths and overgeneralisations, and then to walk away from it without backing up their statements in detail.

If it bothers you that much then you can request the intervention of a Moderator or killfile a poster from your control panel.

Regards,

Ben

Maggy 13-08-2003 20:12

So why is W32 Blaster Virus the main part of the thread title?:shrug:

Incog :cool:

BenH 13-08-2003 20:16

Quote:

Originally posted by DeadKenny
However you won't find Windows users getting smug about their OS every time a security hole is found in Linux.



They'll be dancing in their seats if a far ranging exploitable hole is ever uncovered and then takes days rather than the customary hours for a patch to be released.

Now for a little fact. As a direct result of the open source model that you're so scornful of, patches for security exploits are released an average of 6 - 10 times faster than the windows equivalent.

Quote:

Just the way it is really. Bill has made a heck of a lot of money, many of us have nicely paid jobs thanks to him, and I guess some people can't accept that.

:shrug:

I can fully accept that Bill, Paul and Steve have made an astounding amount of money. They are true icons of the capitalist system that I support. Despite their desire for communism in the computer market.

I can also accept as a direct result of Microsoft's anti competitive and anti capitalist corporate policy that they've held the computer industry back by about 10 years.

I can also accept that like with all technology, Windows and Microsoft's time is coming to an end with the advent of something new and better, called GNU/Linux.

And I can also accept that in about 20 - 30 years from now, GNU/Linux time would have passed and something else will take its place. Probably based on the OS model, possibly not.

The real problem is the people who can not and will not accept that. But I have no doubt that the market will provide for them :shrug:

Regards,

Ben

DeadKenny 13-08-2003 20:16

Quote:

Originally posted by BenH
And here we come to the rub, let me guess, you're a .NET developer. The same .NET that Gartner pointed out was a huge security nightmare.

You guessed wrong ;)

The company I work for writes enterprise level software with a large emphasis on portable code in strict C++ (mainly using the raw language and STL), that runs under both unix and Windows (NT line) operating systems. There's no hint of .Net in there and there's not likely to be with the current business strategy. The back-end (majority of the software) is completely platform independent and the UI is a split between platform independent web server code (runs on any web server, CGI based XML/XSL transform engine) and a Windows specific user application.

We're talking mission critical here in some cases which is why we have no customers requesting linux support. All the unix platforms are Solaris, AIX, HP-UX, etc. Windows platforms are server level (2000, 2003 server, clusters, etc). Client side is partly whatever runs a browser (yes, we support Mozilla), and 2k/XP for the Windows app.

We have a strict rule of keeping 3rd party software to a minimum because of the support nightmare we have with them. Open source software has cost a fortune due to the complexities of getting their software fixed. They won't fix it, and why should they when we didn't pay for it and they're not getting paid either, so they expect us to fix it. Commercial software we've used comes with a maintenance contract, one call and a bunch of enthusiastic well paid developers get on the case and a fix can arrive next day. Same with Microsoft if you pay them enough on support, but consider how much it costs a highly paid developer to waste time trying to fix it themselves over many months (trust me, I've suffered the pain).


Gimp vs Photoshop...

Apart from Photoshop not being specifically "Windows", even Mac users would disagree that Gimp is the choice over Photoshop :D.

Though obviously if they're using Photoshop for way under what it's designed for, then there's a cost saving but the same could be said of picking 'Paint' over Photoshop (or even PaintShopPro). All depends what you're using it for, but it's not a fair comparison.


Quote:

Also you've failed to say why MS marketing department (which let's face it is the real success of the company) had NT 5 renamed to 2000...

Who cares? It's marketing, and an inspired choice. It sold more software and makes me more money. I'd have a much harder time (and be worse off) working for a linux blinkered company rather than one who embraces all operating systems and doesn't have it in for anything "Microsoft".

BenH 13-08-2003 20:20

Quote:

Originally posted by Incognitas
So why is W32 Blaster Virus the main part of the thread title?:shrug:

Incog :cool:

It started out as RPC/Reboot virus. One of the mods quipped how smug and safe he felt behind his mandrake 9.1 (a very, very newbie friendly distro available for download if you're interested) and it all started from there.

Regards,

Ben

DeadKenny 13-08-2003 20:23

Quote:

Originally posted by BenH
I can also accept as a direct result of Microsoft's anti competitive and anti capitalist corporate policy that they've held the computer industry back by about 10 years.

Don't really agree with that. We'd all be bearded sandal wearing freaks still typing obscure command lines if it wasn't for Microsoft.

It's quite funny the split between the unix lovers and microsoft lovers in our company. One bunch are obsessed with cryptic commands that no one else understands, and the others wouldn't touch a command prompt with a barge pole :D. Still, we're learning off each other and I have to say the unix bunch are adopting a few MS things... because in some cases it makes life a little easier, which is what MS are about. Since adopting unix, many of the MS fans are far more aware of unix and its role in the industry.

There's a place for both, and the sooner we get off the smug "linux doesn't have this problem... so, ner!" attitudes the faster the industry can get on and evolve (I'm still waiting for the day a linux magazine manages to go one single issue without taking a swipe at Microsoft and actually getting down to something constructive).

Maggy 13-08-2003 20:25

time to unsubscribe.

Incog.:td:

hawkmoon 13-08-2003 20:35

Quote:

Originally posted by BenH
So in other words, you cannot give any intelligent counters to the points I raised, I'm a nasty horrible person, and you're running away.


No - I just no longer want to argue with a person who questions others' abilities and insults them (as you are trying to do again here) to try and prove they are right.

If you do a little research you will see that there are pretty far ranging exploits on pretty much all OS's and many different open and closed source software products.

One pretty serious vulnerability was with SSH and an exploit that would allow a 3rd party to run code with the same privileges as the ssh process.

How about one that affected the Sun RPC XDL library that could lead to the running of arbitrary code.

I suggest you take a look at somewhere like the CVE or CERT a little more often.

Now this is the last I am saying on this as everyone on this thread is getting bored with this, as am I.

hawkmoon 13-08-2003 20:38

Quote:

Originally posted by Incognitas
time to unsubscribe.

Incog.:td:

Sorry Incog - didn't intend this to happen.

grum1978 13-08-2003 20:42

:notopic:

Can we please try and keep this on topic as it is an important and informative thread at the moment

I don't think people should have to go through pages of off topic remarks as the thread is getting big enough as it is :)

hawkmoon 13-08-2003 20:43

Quote:

Originally posted by DeadKenny


It's quite funny the split between the unix lovers and microsoft lovers in our company. One bunch are obsessed with cryptic commands that no one else understands, and the others wouldn't touch a command prompt with a barge pole :D. Still, we're learning off each other and I have to say the unix bunch are adopting a few MS things... because in some cases it makes life a little easier, which is what MS are about. Since adopting unix, many of the MS fans are far more aware of unix and its role in the industry.

There's a place for both, and the sooner we get off the smug "linux doesn't have this problem... so, ner!" attitudes the faster the industry can get on and evolve (I'm still waiting for the day a linux magazine manages to go one single issue without taking a swipe at Microsoft and actually getting down to something constructive).

Hear, hear - I totally agree.

We have Unix, Linux, Win and a few Macs for page layout, oh and a couple of BSD based equalizers for the website in our network, and the two camps are very slowly starting to mellow to each other as they start learning about the other platforms.

ps. This is definitely my last post - as if this continues I'm certain the mods will close the thread.

DeadKenny 13-08-2003 20:47

I'll stop now.

BenH 13-08-2003 20:47

Quote:

Originally posted by DeadKenny
You guessed wrong ;)

We're talking mission critical here in some cases which is why we have no customers requesting linux support. All the unix platforms are Solaris, AIX, HP-UX, etc. Windows platforms are server level (2000, 2003 server, clusters, etc). Client side is partly whatever runs a browser (yes, we support Mozilla), and 2k/XP for the Windows app.
Interesting, and a little surprised that you're not using Bison++. But not at all surprised that no one's requesting linux support. It's a technology that's coming rather than here. Hence the reason Merrill Lynch has it running on VMware and waiting for the release of 2.6 before deploying it fully. Likewise with the French and German governments


Quote:

We have a strict rule of keeping 3rd party software to a minimum because of the support nightmare we have with them. Open source software has cost a fortune due to the complexities of getting their software fixed. They won't fix it, and why should they when we didn't pay for it and they're not getting paid either, so they expect us to fix it. Commercial software we've used comes with a maintenance contact, one call and a bunch of enthusiastic well paid developers get on the case and a fix can arrive next day. Same with Microsoft if you pay them enough on support, but consider how much it costs a highly paid developer to waste time trying to fix it themselves over many months (trust me, I've suffered the pain).
Nice, if you're developing a new product from scratch with only a speculative market and minimal funding, then MS and other closed source vendors couldn't care less so you have to do it yourself, which is impossible with closed source software.

As for the problems with open software, did it never occur to you to pay the developer a few thousand to fix your problems? It's how we got the load balancing program for our thin client solution.

Quote:

Gimp vs Photoshop...

Apart from Photoshop not being specifically "Windows", even Mac users would disagree that Gimp is the choice over Photoshop :D.

Though obviously if they're using Photoshop for way under what it's designed for, then there's a cost saving but the same could be said of picking 'Paint' over Photoshop (or even PaintShopPro). All depends what you're using it for, but it's not a fair comparison.
There are apparently things that the GIMP can do that Photoshop can't and vice versa. I don't know art software or what they were using it for. Hell I was literally asked 4 hours before they had to make the decision, still the GIMP, currently running under windows but will be switched to linux, met their requirements and made them very happy.

Quote:

Also you've failed to say why MS marketing department (which let's face it is the real success of the company) had NT 5 renamed to 2000...

Quote:

Who cares? It's marketing, and an inspired choice. It sold more software and makes me more money.
Good for you, and the answer is because of the utter mess that is NT4. MS Marketing decided to rename it 2000 (like Windscale became Sellafield). They still had, and have still lousy sales. Hence the reason to go ahead with license 6 and why Linux is picking up their losses.

Regards,

Ben

BenH 13-08-2003 20:58

Quote:

Originally posted by hawkmoon
No - I just no longer want to argue with a person who questions others abilities and insults them (as you are trying to do again here) to try and prove they are right.



Actually if I wanted to insult you I'd be going for the throat, like your website. At the moment I just want to make sure you don't have the last word.

Quote:

If you do a little research you will see that there are pretty far ranging exploits on pretty much all OS's and many different open and closed source software products.
I know this, I have told you I know this and given you reasons to why Linux is more secure, which you have ignored to continue repeating the above like a mantra.

Quote:

One pretty serious vulnerability was with SSH and an exploit that would allow a 3rd party to run code with the same privileges as the ssh process.
There are two exploits still for this, neither are publicly known and work is being done to resolve them, and you do not have to have a ssh server running on a linux or unix box, nor a telnet or web or ftp. NONE are enabled by default.


Quote:

How about one that affected the Sun RPC XDL library that could lead to the running of arbitrary code.
Could and Might play a large part in your vocab, don't they.

Quote:

I suggest you take a look at somewhere like the CVE or CERT a little more often.
I do, difference is that I understand them and the threat that they pose to my machines. As I said to deadkenny, $100,000 prize if you can break the firewall that we use.


Quote:

Now this is the last I am saying on this as everyone on this thread is getting bored with this, as am I.
You've already said this once.

BenH 13-08-2003 21:00

Quote:

Originally posted by grum1978
:notopic:

Can we please try and keep this on topic as it is an important and informative thread at the moment

I don't think people should have to go through pages of off topic remarks as the thread is getting big enough as it is :)

:eeek: sorry missed this.

By your command.

:D

homealone 13-08-2003 21:00

I've had 156 hits on 135 since 18.30 & 15 on 445

BenH 13-08-2003 21:18

Quote:

Originally posted by homealone
I've had 156 hits on 135 since 18.30 & 15 on 445
Still no hits here. I was playing about with a 2k machine earlier today using zone alarm as a firewall. I activated the stealth option and that seemed to dramatically reduce the number of hits.

Perhaps worth a try.

Best,

Ben

ian@huth 13-08-2003 21:48

Quote:

Originally posted by BenH
Still no hits here. I was playing about with a 2k machine earlier today using zone alarm as a firewall. I activated the stealth option and that seemed to dramatically reduce the number of hits.

Perhaps worth a try.

Best,

Ben

Lol. If an unprotected system gets infected and tries to infect yours it will not know whether you have a firewall or not. All you can do is prevent hits from getting through your firewall, not prevent them from hitting it.

carlingman 13-08-2003 21:53

Related note.

As I have the alerts turned off in Zone Alarm and usually just let it do its job etc.

Where can you see the port number the hits are attacking?

ian@huth 13-08-2003 21:58

Quote:

Originally posted by carlingman
Related note.

As I have the alerts turned off in Zone Alarm and usually just let it do its job etc.

Where can you see the port number the hits are attacking?

I use a program called Visual Zone which is free from

http://visualize.phenominet.com/

Try it, you'll like it.

danielf 13-08-2003 21:59

Quote:

Originally posted by carlingman
Related note.

As I have the alerts turned off in Zone Alarm and usually just let it do its job etc.

Where can you see the port number the hits are attacking?

Not quite sure if this is what you're after, but under 'alerts' you have the option of showing the popup window, or logging alerts to a file. Enable either.

carlingman 13-08-2003 22:06

Thx people but have turned off the alert pop ups as it gets quite annoying, but however found if I look at the alerts in Zone Alarm the bottom box shows the port.

Only had 10 or so in the last couple of hours so not too bad.

Ramrod 13-08-2003 22:10

Quote:

Originally posted by Incognitas
So why is W32 Blaster Virus the main part of the thread title?:shrug:

Incog :cool:

Fu*k knows....this thread's got nothing to do with it:shrug: :(

Ramrod 13-08-2003 22:12

Quote:

Originally posted by ianathuth
I use a program called Visual Zone which is free from

http://visualize.phenominet.com/

Try it, you'll like it.

McAfee firewall does much the same:)

ian@huth 13-08-2003 22:18

Quote:

Originally posted by carlingman
Thx people but have turned off the alert pop ups as it gets quite annoying, but however found if I look at the alerts in Zone Alarm the bottom box shows the port.

Only had 10 or so in the last couple of hours so not too bad.

If you load Visual Zone you can keep the popups turned off. Visual Zone just takes the log file from Zone Alarm and produces a much better and more detailed report. Just leave its icon sitting in the system tray and use it to open visual zone up every now and then to see what is happening. Mine is showing over a thousand hits of various types today. You can rearrange the output in many ways and call up attack details on each attack including whois and location of attacker. Go on and give it a try.

homealone 13-08-2003 22:19

Quote:

Originally posted by BenH
Still no hits here. I was playing about with a 2k machine earlier today using zone alarm as a firewall. I activated the stealth option and that seemed to dramatically reduce the number of hits.

Perhaps worth a try.

Best,

Ben

Thanks Ben

sorry - I should have said attempted hits - I'm behind a NAT router & was just relaying my log results. :)

I do, also run Zone Alarm Pro - which, so far shows no activity. :cool:

Gaz

carlingman 13-08-2003 22:39

Quote:

Originally posted by ianathuth
If you load Visual Zone you can keep the popups turned off. Visual Zone just takes the log file from Zone Alarm and produces a much better and more detailed report. Just leave its icon sitting in the system tray and use it to open visual zone up every now and then to see what is happening. Mine is showing over a thousand hits of various types today. You can rearrange the output in many ways and call up attack details on each attack including whois and location of attacker. Go on and give it a try.
Thx for that, where do i find this visual zone ??

Running ZA Pro Version 3.5.169.002

Thx again.

homealone 13-08-2003 22:50

Quote:

Originally posted by carlingman
Thx for that, where do i find this visual zone ??

Running ZA Pro Version 3.5.169.002

Thx again.

http://www.visualizesoftware.com/

latest ZoneAlarm Pro is 4.0.123.012

ian@huth 13-08-2003 22:51

Quote:

Originally posted by carlingman
Thx for that, where do i find this visual zone ??

Running ZA Pro Version 3.5.169.002

Thx again.

http://visualize.phenominet.com/


EDIT. Homealone beat me to it. Both addresses lead to same info.

homealone 13-08-2003 22:58

Quote:

Originally posted by ianathuth
http://visualize.phenominet.com/


EDIT. Homealone beat me to it. Both addresses lead to same info.

lol

gotta say that for peeps with Linksys routers the logviewer

here

is excellent - it gives you something to look at when nothing gets through to Zone Alarm!

Gaz:)

danielf 13-08-2003 23:09

Quote:

Originally posted by homealone
lol

gotta say that for peeps with Linksys routers the logviewer

here

is excellent - it gives you something to look at when nothing gets through to Zone Alarm!

Gaz:)

Funny you should mention that. I just decided to upgrade to the latest version of zonealarm, and I spent the last half hour or so trying to get logviewer to work again. The logs just aren't coming through, even though I gave it server rights. (and it was working fine before I upgraded zonealarm) :mad: :confused:

Edit: and the attacks are coming through to logviewer the moment I switch zonealarm off...

homealone 13-08-2003 23:14

Quote:

Originally posted by danielf
Funny you should mention that. I just decided to upgrade to the latest version of zonealarm, and I spent the last half hour or so trying to get logviewer to work again. The logs just aren't coming through, even though I gave it server rights. (and it was working fine before I upgraded zonealarm) :mad: :confused:
u using version 1.57 of logviewer? Maybe try uninstall & re-install?

i.e. I had upgraded Zone Alarm before I installed Logviewer?

Mine is set at ask for access & def no server?

danielf 13-08-2003 23:22

Quote:

Originally posted by homealone
u using version 1.57 of logviewer? Maybe try uninstall & re-install?

Mine is set at ask for access & def no server?

I actually downloaded it today. Have tried uninstall/reinstall, uninstall and reboot before reinstall. etc. I'm probably overlooking something silly here, but it's not working, and the moment I switch off zonealarm, it's showing the logs... Maybe the new version of zonealarm?

edit: Using version 3.0 of logviewer

homealone 13-08-2003 23:29

Quote:

Originally posted by danielf
I actually downloaded it today. Have tried uninstall/reinstall, uninstall and reboot before reinstall. etc. I'm probably overlooking something silly here, but it's not working, and the moment I switch off zonealarm, it's showing the logs... Maybe the new version of zonealarm?

edit: Using version 3.0 of logviewer

we could actually be talking about different programs with the same / similar name?

The one I'm running is at the link

http://home.debitel.net/user/svenschaef/logview/

- what's yours? :)

Gaz

danielf 13-08-2003 23:40

Quote:

Originally posted by homealone
we could actually be talking about different programs with the same / similar name?

The one I'm running is at the link

http://home.debitel.net/user/svenschaef/logview/

- what's yours? :)

Gaz

Lol. Mine's from linksys, and it's called logviewer as well. Seeing you mentioned people with Linksys routers... :D.
Anyway I see yours is for Norton Internet Security, which I don't use. Just keep mucking about I guess. I'm sure I will press the right button at some point ;)

homealone 13-08-2003 23:46

Quote:

Originally posted by danielf
Lol. Mine's from linksys, and it's called logviewer as well. Seeing you mentioned people with Linksys routers... :D.
Anyway I see yours is for Norton Internet Security, which I don't use. Just keep mucking about I guess. I'm sure I will press the right button at some point ;)

Check out the d/l from my link - it does work with Linksys routers ( well my BEFSR41 anyway) as an SNMP logging client - much better than the Linksys log viewer- graphs, tracerts, whois - give it a go?

Gaz

danielf 13-08-2003 23:49

Quote:

Originally posted by homealone
Check out the d/l from my link - it does work with Linksys routers ( well my BEFSR41 anyway) as an SNMP logging client - much better than the Linksys log viewer- graphs, tracerts, whois - give it a go?

Gaz

Doing that right now. Sounds good.

Cheers,

Daniel

zoombini 14-08-2003 09:26

It has been suggested that although this is a virus/worm it's not too bad really.

What's it do, shut down your Windows pc & popup a few messages, anything else?

AFAIKR it does not harm any data.
It appears it is only an attempt by someone who has found a flaw in the system to get MS to do something about it, not by telling them directly and getting ignored but publicly?

I think we should be thankful the person who did this was not malicious.

At the same time it is able to make people more aware of the need to run firewalls, as that's what will be likely advised when they talk to someone more informed about PC's or get information on removing it. Hopefully this will also remove the consequences of what it has done in telling everyone else that they are unprotected.

Although behind adequate firewall protection myself, some of the people that I know had it. Hopefully not too many people will format their PC in an attempt to remove it.

Lord Nikon 14-08-2003 09:57

Looks like a new variant - MSBlaster, which is set to initiate a Denial of service attack on windowsupdate.com this saturday

Thing is... MS's update site is windowsupdate.microsoft.com so they messed up slightly, presumably MS will redirect the windowsupdate.com to 127.0.0.1 or something in the DNS tables so the attack will do nothing.


Hopefully.... Still, this is MS we are talking about so.....

trebor 14-08-2003 12:38

the worm has the ability to execute any command on the pc
how about a quick format that wouldn't do your data much good.
as it is the worm is coded to just issue the shutdown command
but it could get a lot worse.
also the port hits on 135 are not getting any less I'm up to 157 today so there is still a lot of un patched pc's out there

danielf 14-08-2003 12:43

Quote:

Originally posted by trebor
the worm has the ability to execute any command on the pc
how about a quick format that wouldn't do your data much good.
as it is the worm is coded to just issue the shutdown command
but it could get a lot worse.
also the port hits on 135 are not getting any less I'm up to 157 today so there is still a lot of un patched pc's out there

One thing I was wondering. Having the worm shut down the pc doesn't help its propagation. Apparently, the author isn't out to cause major damage (even to Microsoft), or am I overlooking something?

hawkmoon 14-08-2003 12:47

Quote:

Originally posted by BenH
Actually if I wanted to insult you I'd be going for the throat, like your website. At the moment I just want to make sure you dont have the last word.


FFS just grow up and act a little more mature.

There are reasons why I ignored your posts, mainly because I don't want to get into an argument about whether Linux is better than Windows or not - personally I don't care.

Yes I keep mentioning about exploits because you seem to be so taken up with your own abilities that it is bordering on arrogance.

As for could and might - well that is not my vocabulary, but that of the people that issue the advisories. If you don't like it then take it up with them.

As I said before, please refrain from trying to belittle my comments by questioning my abilities - as I doubt that you are really impressing anyone with them and they are sadly very far from the truth.


To the Mods don't bother replying as I have got bored with this whole forum - delete this account as you see fit.

zoombini 14-08-2003 13:24

Quote:

Originally posted by trebor

but it could get a lot worse.

My point exactly... is this a simple "point" being made or a pre-emptive strike before the next version that does the damage?

Russ 14-08-2003 13:37

Quote:

Originally posted by hawkmoon
delete this account as you see fit.
No need - everyone just step back and take a breather please.

basa 14-08-2003 13:41

Quote:

Originally posted by trebor
the worm has the ability to execute any command on the pc
how about a quick format that wouldn't do your data much good.
as it is the worm is coded to just issue the shutdown command
but it could get a lot worse.
also the port hits on 135 are not getting any less I'm up to 157 today so there is still a lot of un patched pc's out there

The worm is not supposed to harm your PC but it is unstable and often terminates an important system process when you are online, this is why infected PCs restart after a couple of minutes online.

It is designed to send copies of itself to a range of IP addresses, starting in the same range as your own. If your IP address started with 81 for example, it would attempt to distribute itself around other people whose IP addresses also start with 81.

If it cannot send itself it basically crashes, which is why you see your PC restart. By this time though it has probably sent itself many times.
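A defender-side way to get the numbers people in this thread are reading off their firewall logs: blocked hits on ports 135 and 445, and how many of them come from addresses sharing your own first octet, as the post above describes. This is an added example, not part of any post; the log format, the addresses and the `summarise` function are constructed for illustration and are not ZoneAlarm's or any router's real output.

```python
"""Tally blocked inbound probes by destination port and source first octet."""
import re
from collections import Counter

# Constructed sample log in a made-up line format (assumption: one
# connection attempt per line, "SRC:PORT -> DST:PORT"). Addresses are
# private or documentation ranges, not taken from the thread.
SAMPLE_LOG = """\
2003-08-13 18:31:02 BLOCK TCP 10.44.7.19:3120 -> 10.20.30.40:135
2003-08-13 18:31:09 BLOCK TCP 10.201.3.77:4411 -> 10.20.30.40:135
2003-08-13 18:32:40 BLOCK TCP 198.51.100.23:1059 -> 10.20.30.40:445
2003-08-13 18:33:15 ALLOW TCP 10.20.30.40:1044 -> 203.0.113.5:80
2003-08-13 18:35:51 BLOCK TCP 10.9.88.2:2210 -> 10.20.30.40:135
2003-08-13 18:36:07 BLOCK UDP 192.0.2.14:1026 -> 10.20.30.40:137
this line is malformed and is skipped
2003-08-13 18:40:12 BLOCK TCP 203.0.113.9:3999 -> 10.20.30.40:135
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>BLOCK|ALLOW) (?P<proto>TCP|UDP) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)$"
)

# The two ports people in the thread report hits on.
WATCHED_PORTS = frozenset({135, 445})


def summarise(log_text, local_ip, watched=WATCHED_PORTS):
    """Count blocked inbound attempts to local_ip on the watched ports.

    Returns per-port totals, how many attempts came from sources whose
    first octet matches local_ip's (the "same range" pattern described
    in the thread) versus elsewhere, the number of distinct sources,
    and how many lines could not be parsed.
    """
    local_octet = local_ip.split(".")[0]
    per_port = Counter()
    sources = set()
    same_first_octet = other_ranges = skipped = 0

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1          # keep a count so bad input is visible
            continue
        # Only blocked traffic aimed at this machine is a "hit".
        if m["action"] != "BLOCK" or m["dst"] != local_ip:
            continue
        port = int(m["dport"])
        if port not in watched:
            continue
        per_port[port] += 1
        sources.add(m["src"])
        if m["src"].split(".")[0] == local_octet:
            same_first_octet += 1
        else:
            other_ranges += 1

    return {
        "per_port": dict(per_port),
        "same_first_octet": same_first_octet,
        "other_ranges": other_ranges,
        "unique_sources": len(sources),
        "skipped_lines": skipped,
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG, "10.20.30.40").items():
        print(f"{key}: {value}")
```

A high share of same-first-octet sources among the port 135 hits fits the neighbour-first scanning described above; the unique source count is a rough measure of how many distinct machines are probing.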

duncant403 14-08-2003 13:50

Quote:

Originally posted by basa
If it cannot send itself it basically crashes, which is why you see your PC restart. By this time though it has probably sent itself many times.
Sort of true. The worm contains the exploit code for both Win2K systems and WinXP systems - the two exploits are different. The worm (being incredibly badly written) has no way of working out whether the system it is running on is Win2K or WinXP and so runs one of the exploit codes randomly (I gather it's 60% XP code and 40% 2K code). If it runs the wrong code for your version of Windows, this causes a crash that results in the shutdown.

The worry is that a new variant of the worm will get written that does check the version of Windows you're running and so only run the correct exploit. This way you won't get the shutdowns - and so won't be aware you've got it...

distortal 14-08-2003 14:03

http://msblast.cjb.net has received over a hundred visitors today despite not being promoted - it somehow found its way into Google et al within 24 hours.

I've updated the page with links to AV and FW sites, and mirrored the MS patches in case WindowsUpdate goes down under the weight of panicking users - hope NTL don't mind :)

basa 14-08-2003 14:09

Quote:

Originally posted by duncant403
<snip>The worry is that a new variant of the worm will get written that does check the version of Windows you're running and so only run the correct exploit. This way you won't get the shutdowns - and so won't be aware you've got it...
But you will be able to download the patch no problem !! :D :D

(Unless that gets blocked .. :eek: which would be a worry !)

Anyway, why should I worry, I'm using 98SE :D :D

basa 14-08-2003 14:16

Quote:

Originally posted by distortal
http://msblast.cjb.net has received over a hundred visitors today despite not being promoted - it somehow found its way into Google et al within 24 hours.

I've updated the page with links to AV and FW sites, and mirrored the MS patches in case WindowsUpdate goes down under the weight of panicking users - hope NTL don't mind :)

You could also add links to Avast! AV (free and a good record) and Sygate FW (also free and v good) ;) ;)

distortal 14-08-2003 14:17

Quote:

Originally posted by basa
You could also add links to Avast! AV (free and a good record) and Sygate FW (also free and v good) ;) ;)
Thanks - will add those shortly.
Edit: done.

SMHarman 14-08-2003 15:03

Quote:

Originally posted by trebor
the worm has the ability to execute any command on the pc
how about a quick format that wouldn't do your data much good.
as it is the worm is coded to just issue the shutdown command
but it could get a lot worse.
also the port hits on 135 are not getting any less I'm up to 157 today so there is still a lot of un patched pc's out there

I had 1600 in my ZA log from Tuesday and Wednesday, with it not looking like it was dropping off.

My PC is set to auto run windows update and had patched itself on 20 July. Cool.

BenH 14-08-2003 18:56

Quote:

Originally posted by basa
The worm is not supposed to harm your PC but it is unstable and often terminates an important system process when you are online, this is why infected PCs restart after a couple of minutes online.

It is designed to send copies of itself to a range of IP addresses, starting in the same range as your own. If your IP address started with 81 for example, it would attempt to distribute itself around other people whose IP addresses also start with 81.

If it cannot send itself it basically crashes, which is why you see your PC restart. By this time though it has probably sent itself many times.

The actual payload of the worm isn't intended to do serious damage to your pc, rather it appears to be gearing up for a DDOS attack against windowsupdate on the 16th. However given the publicity surrounding MS Blaster, it appears that it has already happened by users updating :D

For those of you still without protection, try the technet site which has been distributing the patch for over a month, while windowsupdate was crippling the acrobat plugin for IE because of a highly theoretical exploit, oddly enough just as M$ own pdf plugin goes into late beta.

Regards,

Ben

BenH 14-08-2003 18:58

Quote:

Originally posted by distortal
http://msblast.cjb.net has received over a hundred visitors today despite not being promoted - it somehow found its way into Google et al within 24 hours.

I've updated the page with links to AV and FW sites, and mirrored the MS patches in case WindowsUpdate goes down under the weight of panicking users - hope NTL don't mind :)

I could always /. it for you. It'll be a good test of NTL's servers :devsmoke:

Regards,

Ben

distortal 14-08-2003 20:09

Quote:

Originally posted by BenH
I could always /. it for you. It'll be a good test of NTL's servers :devsmoke:

Regards,

Ben

Don't you dare! :) The single page is on my own server, not NTL, but SlashDot... oh man. I don't want the poor box to melt :)

homealone 14-08-2003 20:30

Quote:

Originally posted by danielf
Doing that right now. Sounds good.

Cheers,

Daniel

Hi danielf - how did it go with LogViewer?

- I only got it recently & have, so far, found it invaluable for following the traffic trying to probe my ports during the - continuing - blaster worm phenomenon. :)

:notopic: and 'cos it shows outbound stuff as well, you can see the connects when you do a normal port 80, as well - quite interesting when browsing forums ;)

BenH 14-08-2003 20:41

Quote:

Originally posted by distortal
Don't you dare! :) The single page is on my own server, not NTL, but SlashDot... oh man. I don't want the poor box to melt :)
A friend of mine was /.ed a few months back. We had to drag him out of the remnants of his server :D

danielf 14-08-2003 21:07

Quote:

Originally posted by homealone
Hi danielf - how did it go with LogViewer?

- I only got it recently & have, so far, found it invaluable for following the traffic trying to probe my ports during the - continuing - blaster worm phenomenon. :)

:notopic: and 'cos it shows outbound stuff as well, you can see the connects when you do a normal port 80, as well - quite interesting when browsing forums ;)

I tried it and liked it, but am back to the linksys logviewer again (which also shows outbound traffic). I think I prefer the simplicity of the linksys one (I haven't really decided on one yet).

Oh, and it wasn't working earlier as I did a clean install of Zonealarm, and forgot to add the router ip to the trusted zone...

But thanks for your help;)

homealone 14-08-2003 21:24

Quote:

Originally posted by danielf
I tried it and liked it, but am back to the linksys logviewer again (which also shows outbound traffic). I think I prefer the simplicity of the linksys one (I haven't really decided on one yet).

Oh, and it wasn't working earlier as I did a clean install of Zonealarm, and forgot to add the router ip to the trusted zone...

But thanks for your help;)

thanks, just saying what works for me - & thank you for sharing your thoughts too:)

distortal 15-08-2003 07:55

Morning!

I see the worm still going round - any predictions on how long it's going to survive? :)

BlastBack v1.10 is available and now finds and kills W32.Blaster.Worm on your machine from both HD and RAM with continuous background scans.

Here's the usual page.

Direct link to BlastBack.

duncant403 15-08-2003 08:33

Quote:

Originally posted by distortal
I see the worm still going round - any predictions on how long it's going to survive? :)

The "experts" are quoting 2 or 3 years...

basa 15-08-2003 09:40

Quote:

Originally posted by duncant403
The "experts" are quoting 2 or 3 years...
Didn't the 'experts' say something similar about putting out the Kuwait oil fires ?????????

IMO it won't take that long for everyone to clean their machines and protect them, then msblaster will have nowhere to go ??

Richard M 15-08-2003 09:46

Quote:

Originally posted by basa
Didn't the 'experts' say something similar about putting out the Kuwait oil fires ?????????

IMO it won't take that long for everyone to clean their machines and protect them, then msblaster will have nowhere to go ??

According to this: http://www.pcmag.com/print_article/0...a=45789,00.asp there are around 211million PCs running XP alone, maybe up to 300million running 2k/XP.

There's always going to be a few that still have the worm or have no firewall; there's always somebody in the world running a new install of XP with no patches.
This is why the worm will live for so long. :)

DeadKenny 15-08-2003 10:36

Quote:

Originally posted by basa
Didn't the 'experts' say something similar about putting out the Kuwait oil fires ?????????

IMO it won't take that long for everyone to clean their machines and protect them, then msblaster will have nowhere to go ??

Code Red is still going strong. I get attempted attacks almost daily on my web server logs, half of which come from NTL customers :eek:.

Chimaera 15-08-2003 10:44

Quote:

Originally posted by Ramrod
Hope so, thats what I've got:D
....you do have McAfee firewall as well?

Yes, had the privacy thing on trial but it kept stopping me from getting online - CS told me to disable it and the trial spam killer as well! :shrug:

