MSBlast has a new lease on life!
-
The infamous Blaster worm gets a second chance! According to Brian Livingston, author of the original Windows Secrets series of books, the patch to fix the RPC flaws in most current versions of Windows (MS03-026) is undone by Win2K's SP4! :laugh::laugh: If you update to SP4, the only solution is to disable the DCOM service, which breaks any app you have that depends on it. In other news, the Sobig.F virus that hit the scene two days ago is now being found in 1 out of 17 emails - far better than the previous record for Klez.H, at 1 in 138 emails. Damn, Linux is looking better and better!:laugh:
"Welcome to Arizona!
Drive Nice - We're Armed..."
- Proposed Sign at CA/AZ BorderI don't know if it's related, but since I've installed SP4 I suffer from inopportune reboots when closing the Media Player (6.4) :wtf::mad: oh, ":mad:" has been relooked, :cool:! I don't think it's related to the virus, my firewall blocks RPC. At work I get 10 to 20 "Sobig e-mails" per day (the double when adding the $#£! warning mails from Norton Antivirus), but none at home :cool:
I have always observed that to succeed in the world one should appear like a fool but be wise - Montesquieu
-
Thanks for the tip! I am using something like AntiVir Personal Edition www.free-av.com[^] it is free. And ZoneAlarm I will put up once I get one more of those worms. :) jhaga --------------------------------- I have discovered that all human evil comes from this, man's being unable to sit still in a room. Blaise Pascal (1623 - 1662)
-
Outpost Firewall[^] from Agnitum is cool too.
I have always observed that to succeed in the world one should appear like a fool but be wise - Montesquieu
-
The infamous Blaster worm gets a second chance! According to Brian Livingston, author of the original Windows Secrets series of books, the patch to fix the RPC flaws in most current versions of Windows (MS03-026) is undone by Win2K's SP4! :laugh::laugh: If you update to SP4, the only solution is to disable the DCOM service, which breaks any app you have that depends on it. In other news, the Sobig.F virus that hit the scene two days ago is now being found in 1 out of 17 emails - far better than the previous record for Klez.H, at 1 in 138 emails. Damn, Linux is looking better and better!:laugh:
"Welcome to Arizona!
Drive Nice - We're Armed..."
- Proposed Sign at CA/AZ Border:doh:
-
Pardon my ignorance, but does anyone have a simple and clear explanation of how these worms propagate themselves? I mean, I assume some asshole spent some time writing it. But how did he then unleash it? And how does it jump from computer to computer? I appreciate it. :) Regards, Alvaro
Hey! It compiles! Ship it.
He can launch it from his own computer, all he has to do is infect himself and then his system will start scanning the internet for other IPs to infect... infections will rise expotentially until it reaches saturation and then people start applying patches, the infection rate begins to fall.
-
Thanks! To scan for open ports I use: http://scan.sygatetech.com/[^] jhaga --------------------------------- I have discovered that all human evil comes from this, man's being unable to sit still in a room. Blaise Pascal (1623 - 1662)
-
The infamous Blaster worm gets a second chance! According to Brian Livingston, author of the original Windows Secrets series of books, the patch to fix the RPC flaws in most current versions of Windows (MS03-026) is undone by Win2K's SP4! :laugh::laugh: If you update to SP4, the only solution is to disable the DCOM service, which breaks any app you have that depends on it. In other news, the Sobig.F virus that hit the scene two days ago is now being found in 1 out of 17 emails - far better than the previous record for Klez.H, at 1 in 138 emails. Damn, Linux is looking better and better!:laugh:
"Welcome to Arizona!
Drive Nice - We're Armed..."
- Proposed Sign at CA/AZ BorderRoger Wright wrote: Damn, Linux is looking better and better! Really? I think it looks crappier and crappier every day that passes. At least if you look at the whole distribution. I have yet to find a distribution that's not braindead and that works the way I want. Slackware could be it maybe. My money is on FreeBSD. It attracts less zealots and more engineers. It's bound to become a better product than any Linux. :) -- Im hayu samim et hamo'ach shelcha betoch tsipor, hi hayta matchila la'uf achora!
-
Aw, shucks, Lauren... We love you! I think I still have a copy of Back Orifice around here somewhere - shall I send it to you?:-D
"Welcome to Arizona!
Drive Nice - We're Armed..."
- Proposed Sign at CA/AZ Border -
The infamous Blaster worm gets a second chance! According to Brian Livingston, author of the original Windows Secrets series of books, the patch to fix the RPC flaws in most current versions of Windows (MS03-026) is undone by Win2K's SP4! :laugh::laugh: If you update to SP4, the only solution is to disable the DCOM service, which breaks any app you have that depends on it. In other news, the Sobig.F virus that hit the scene two days ago is now being found in 1 out of 17 emails - far better than the previous record for Klez.H, at 1 in 138 emails. Damn, Linux is looking better and better!:laugh:
"Welcome to Arizona!
Drive Nice - We're Armed..."
- Proposed Sign at CA/AZ BorderRoger Wright wrote: Damn, Linux is looking better and better! all this happiness is giving you away :suss:, come on Roger, close your KDE session and reboot with W2K ;P
-
After years of happily living without any anti-virus program I have finaly given in. I know John Simmons and some others don't either use anti-virus programs but I am sure they are not so many any more. If things get worse I will even install a proper firewall instead of Microsofts. :) jhaga --------------------------------- I have discovered that all human evil comes from this, man's being unable to sit still in a room. Blaise Pascal (1623 - 1662)
jhaga wrote: If things get worse I will even install a proper firewall instead of Microsofts. If you have old PC hardware collecting dust somewhere, try this: http://www.openbsd.org/[^]. You can NAT with it, firewall with it, bridge with it (transparent firewall/bridge). And it doesn't cost a thing. If you need help configuring the firewall software (which is really easy actually), send me a message and I'll help :) -- Im hayu samim et hamo'ach shelcha betoch tsipor, hi hayta matchila la'uf achora!
-
Thanks for link! "Unable to determine your computer name! Unable to detect any running services!" :cool:
I have always observed that to succeed in the world one should appear like a fool but be wise - Montesquieu
Don't forget to do the Quick scan: http://scan.sygatetech.com/prequickscan.html[^] Only takes 30 sek. and gives alot of information [Edit: everything should be "Blocked"] jhaga --------------------------------- I have discovered that all human evil comes from this, man's being unable to sit still in a room. Blaise Pascal (1623 - 1662)
-
jhaga wrote: If things get worse I will even install a proper firewall instead of Microsofts. If you have old PC hardware collecting dust somewhere, try this: http://www.openbsd.org/[^]. You can NAT with it, firewall with it, bridge with it (transparent firewall/bridge). And it doesn't cost a thing. If you need help configuring the firewall software (which is really easy actually), send me a message and I'll help :) -- Im hayu samim et hamo'ach shelcha betoch tsipor, hi hayta matchila la'uf achora!
Thanks for the offer. Are you giving support 7/24? :) If not, I will use Linux. After all Linux is made in Finland. :rolleyes: jhaga --------------------------------- I have discovered that all human evil comes from this, man's being unable to sit still in a room. Blaise Pascal (1623 - 1662)
-
Don't forget to do the Quick scan: http://scan.sygatetech.com/prequickscan.html[^] Only takes 30 sek. and gives alot of information [Edit: everything should be "Blocked"] jhaga --------------------------------- I have discovered that all human evil comes from this, man's being unable to sit still in a room. Blaise Pascal (1623 - 1662)
-
Roger Wright wrote: Damn, Linux is looking better and better! Really? I think it looks crappier and crappier every day that passes. At least if you look at the whole distribution. I have yet to find a distribution that's not braindead and that works the way I want. Slackware could be it maybe. My money is on FreeBSD. It attracts less zealots and more engineers. It's bound to become a better product than any Linux. :) -- Im hayu samim et hamo'ach shelcha betoch tsipor, hi hayta matchila la'uf achora!
Hi - FreeBSD all the way !! I downloaded RedHat Mandrake and FreeBSD to see for myself what would fit best on my old laptop (Pentium MMX 166 32M RAM). RH and Mandrake both failed the test, they install too much junk I dont need with no decent way to upgrade or remove them. IMO, the FreeBSD "Ports" is the currently the best way to distribute packages today. Currently, I am running it as a internal web server, w/ MySQL , CVS, PHP, Apache.
-
The infamous Blaster worm gets a second chance! According to Brian Livingston, author of the original Windows Secrets series of books, the patch to fix the RPC flaws in most current versions of Windows (MS03-026) is undone by Win2K's SP4! :laugh::laugh: If you update to SP4, the only solution is to disable the DCOM service, which breaks any app you have that depends on it. In other news, the Sobig.F virus that hit the scene two days ago is now being found in 1 out of 17 emails - far better than the previous record for Klez.H, at 1 in 138 emails. Damn, Linux is looking better and better!:laugh:
"Welcome to Arizona!
Drive Nice - We're Armed..."
- Proposed Sign at CA/AZ BorderHere is a mail from NTBugTraq list ________________________________________ Seems many of you subscribe to Brian's Buzz. He published a story today; http://www.briansbuzz.com/w/030821/ that included a bit about the statement we, TruSecure Corporation, had posted on our website. During the initial rush to get information out about Blaster, we included a statement that if you had Windows 2000 SP3, then applied MS03-026, you'd be patched. However, if you subsequently installed SP4, you would be reverted to an unpatched state. The testing that was used to come up with this statement was wrong. I did the testing, so I know it was wrong. Last week I rechecked this and found my mistake. Unfortunately, it took until Monday to get the TruSecure alert corrected. Brian refers to a different alert, the original alert about the RPC/DCOM overflow (TSA03-009). I'm not sure we ever had mention about SP4 reverting MS03-026 in that alert. I know we had it in TSA03-011, and that alert now contains the following; "TruSecure Corporation originally believed that Windows 2000 machines which were at SP3, then patched with MS03-026, and then updated to SP4, would become vulnerable to the attacks against RPC/DCOM (e.g. Blaster). Subsequent testing proved this not to be the case. Systems patched in this method will retain the MS03-026 patch after applying SP4 and do not need to re-apply the patch. " Apologies to all who read the incorrect information. Cheers, Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
I don't choose the targets - they present themselves to me in an almost garish display of submission and sacrifice. It's my duty to react as I do. - John Simmons/Outlaw Programmer
-
Thanks for the offer. Are you giving support 7/24? :) If not, I will use Linux. After all Linux is made in Finland. :rolleyes: jhaga --------------------------------- I have discovered that all human evil comes from this, man's being unable to sit still in a room. Blaise Pascal (1623 - 1662)
jhaga wrote: Thanks for the offer. Are you giving support 7/24? I'll give you my pf.conf. You can stare at it all day long if you want.. :-D jhaga wrote: If not, I will use Linux. After all Linux is made in Finland. How do you pronounce Linux btw? Swedish or Finnish style? (Lee-nUhcks or Lee-nOhcks?) -- Im hayu samim et hamo'ach shelcha betoch tsipor, hi hayta matchila la'uf achora!
-
Hi - FreeBSD all the way !! I downloaded RedHat Mandrake and FreeBSD to see for myself what would fit best on my old laptop (Pentium MMX 166 32M RAM). RH and Mandrake both failed the test, they install too much junk I dont need with no decent way to upgrade or remove them. IMO, the FreeBSD "Ports" is the currently the best way to distribute packages today. Currently, I am running it as a internal web server, w/ MySQL , CVS, PHP, Apache.
Vivek Rajan wrote: RH and Mandrake both failed the test, they install too much junk I dont need with no decent way to upgrade or remove them. Mhmm! Windows 2000 feels a lot less bloated than both RH and Mandrake. Vivek Rajan wrote: IMO, the FreeBSD "Ports" is the currently the best way to distribute packages today. It is very practical yes, because it allows you to fiddle with the ports yourself very easily should you find a broken package. -- Im hayu samim et hamo'ach shelcha betoch tsipor, hi hayta matchila la'uf achora!
-
Here is a mail from NTBugTraq list ________________________________________ Seems many of you subscribe to Brian's Buzz. He published a story today; http://www.briansbuzz.com/w/030821/ that included a bit about the statement we, TruSecure Corporation, had posted on our website. During the initial rush to get information out about Blaster, we included a statement that if you had Windows 2000 SP3, then applied MS03-026, you'd be patched. However, if you subsequently installed SP4, you would be reverted to an unpatched state. The testing that was used to come up with this statement was wrong. I did the testing, so I know it was wrong. Last week I rechecked this and found my mistake. Unfortunately, it took until Monday to get the TruSecure alert corrected. Brian refers to a different alert, the original alert about the RPC/DCOM overflow (TSA03-009). I'm not sure we ever had mention about SP4 reverting MS03-026 in that alert. I know we had it in TSA03-011, and that alert now contains the following; "TruSecure Corporation originally believed that Windows 2000 machines which were at SP3, then patched with MS03-026, and then updated to SP4, would become vulnerable to the attacks against RPC/DCOM (e.g. Blaster). Subsequent testing proved this not to be the case. Systems patched in this method will retain the MS03-026 patch after applying SP4 and do not need to re-apply the patch. " Apologies to all who read the incorrect information. Cheers, Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
I don't choose the targets - they present themselves to me in an almost garish display of submission and sacrifice. It's my duty to react as I do. - John Simmons/Outlaw Programmer
Thanks Rama! That's good news.:-D Has anyone told Brian?:rolleyes:
"Welcome to Arizona!
Drive Nice - We're Armed..."
- Proposed Sign at CA/AZ Border -
Pardon my ignorance, but does anyone have a simple and clear explanation of how these worms propagate themselves? I mean, I assume some asshole spent some time writing it. But how did he then unleash it? And how does it jump from computer to computer? I appreciate it. :) Regards, Alvaro
Hey! It compiles! Ship it.
Look up the buffer over run bug.
-
jhaga wrote: Thanks for the offer. Are you giving support 7/24? I'll give you my pf.conf. You can stare at it all day long if you want.. :-D jhaga wrote: If not, I will use Linux. After all Linux is made in Finland. How do you pronounce Linux btw? Swedish or Finnish style? (Lee-nUhcks or Lee-nOhcks?) -- Im hayu samim et hamo'ach shelcha betoch tsipor, hi hayta matchila la'uf achora!
Jörgen Sigvardsson wrote: I'll give you my pf.conf. You can stare at it all day long if you want.. Ok, send it to my email (without the Sobig.F virus,please) :) Jörgen Sigvardsson wrote: How do you pronounce Linux btw? Swedish or Finnish style? (Lee-nUhcks or Lee-nOhcks?) Lee-nUhcks is better if you don't want to swallow your tongue. :) jhaga --------------------------------- I have discovered that all human evil comes from this, man's being unable to sit still in a room. Blaise Pascal (1623 - 1662)