Merged: W32 Blaster Virus

[Agent57]

After spending a few hours trying to figure out wtf was going on with my PC shutting itself down with a reported RPC service error I figured out it is because of a fekin virus attack. This one doesn't require you to d/l anything or open any emails... it just appears by magic (With a little help from another M$ hole)

NTL have issued an alert in their service page, but I thought it might be worth repeating it here...


ntlhome Internet Customers using Windows XP/2000/NT
ntlhome customers may currently be experiencing problems with their PC arising from a Windows vulnerability.

This looks to be related to a new internet virus/worm discovered today.

For detailed info and ways to restore service please see the following links.

The following link will direct you to a Microsoft page with instructions on how to install a patch which will restore service :-

http://www.microsoft.com/technet/tre...n/MS03-026.asp

This link contains more specific information about the worm and instructions on how to remove it :-

http://securityresponse.symantec.com...ster.worm.html

Windows XP users may also want to enable the inbuilt firewall option. Instructions on how to do so can be found at :-

http://support.microsoft.com/default...;en-us;q283673

[Lord Nikon]

Oops Still, you know where to look to keep abreast of PC Problems

[kronas]

Quote:

Originally posted by Lord Nikon
Oops Still, you know where to look to keep abreast of PC Problems

yep i do oh well have the task of patching there yes 2 peeps os's and getting firewall and antivirus for them

*gotta start charging for my services damn it

m pc has been fine been up for a few days updated defintions firewall at full strength patched xp

*is glad he is sensible at always having antivrus and firewall software looking after his pc

not any old crap either :p

[Lord Nikon]

Hence my use of Sygate Pro and Norton Systemworks (set to update daily)

Running tests at a few places, system is Stealthed all the way through no ports open, all attacks logged, Norton keeps on top of windows errors and keeps me virus free... once a month I check at housecall from trend micro just to be certain the AV system wasn't compromised etc lol

[Richard M]

It seems to be getting worse:
http://isc.incidents.org/port_details.html?port=135

[zoombini]

Maybe its just best to turn the PC off and leave it off for a few days till it goes away...lol

[Richard M]

Don't think it will, it's programmed to infect machines until June 2004.

[Alan Waddington]

It's just less then a month since the hotfix for that came out. Looks like we need to keep applying those hotfixes! Thank goodness for my router (which is set up to explicitly block those ports).

[Mark W]

well, hats off to my housemate Pritch and his homemade router - its done the biz and kept me XP safe

[Richard M]

Aaahh....I love Linux.
</smug mode>

[Alan Waddington]

For those of you feeling complacent. Take a look at my router log

Code:

IP                      Port
220.108.64.50  137 
66.156.224.88  137 
80.5.234.145    135 
80.6.26.155      135 
81.212.101.126 137 
80.6.24.1          135 
80.6.41.100      135 
80.6.38.84        135 
80.6.19.116      135 
80.5.171.23      135 
80.6.19.188      135 
210.82.112.58  57680 
4.46.170.151    137 
80.6.41.98        135 
80.5.216.205    135 
80.4.7.6            135 
80.6.34.36        135 
80.5.140.92      135 
80.4.194.150    135 
63.201.48.35    135 
212.160.18.64  137 
203.58.22.85    137 
81.49.216.130  137 
80.6.43.37        135 
81.34.140.84    137

and lots more of the same.
Looks like 135 attacks have taken over from 137 attacks.

[zoombini]

I bet all those that got a router (with NAT FW) so they can play XBL are glad too...

[Richard M]

I still can't believe that they haven't fired some senior people in that company.
They charge like £200 for a copy of Windows and make the worst OS known to man.
I've lost count of the number of large-scale exploits M$ systems have had in the last year.

What a load of BS.

...and they complain that people hate them and that Open Source is their biggest threat...damn right it is.

Quote:

Originally posted by Alan Waddington
For those of you feeling complacent. Take a look at my router log

Code:

IP                      Port
220.108.64.50  137 
66.156.224.88  137 
80.5.234.145    135 
80.6.26.155      135 
81.212.101.126 137 
80.6.24.1          135 
80.6.41.100      135 
80.6.38.84        135 
80.6.19.116      135 
80.5.171.23      135 
80.6.19.188      135 
210.82.112.58  57680 
4.46.170.151    137 
80.6.41.98        135 
80.5.216.205    135 
80.4.7.6            135 
80.6.34.36        135 
80.5.140.92      135 
80.4.194.150    135 
63.201.48.35    135 
212.160.18.64  137 
203.58.22.85    137 
81.49.216.130  137 
80.6.43.37        135 
81.34.140.84    137

and lots more of the same.
Looks like 135 attacks have taken over from 137 attacks.

Same here

80.4.127.211 139
80.4.195.246 135
80.4.161.49 135
80.4.165.187 135
196.44.174.222 137
80.4.127.211 139
12.148.162.155 135
213.104.180.24 135
80.4.90.141 135
64.230.150.61 137
80.4.127.211 139

- and many more

NAT doing it's job thank goodness!

[philip.j.fry]

I have to say, I'm feeling pretty dissapointed that my router logs show no access attempts, *sniff* my pc must not be good enough