View Full Version : whats up with all the servers crashing


ripleofdeath
08-12-03, 10:14 AM
servers and networks seem to have been crashing a lot
there seems to be a world wide problem and it is not yet in the news
is anyone aware of what is happening
is it just a new type of hacking?

any clues?

groove on :)

Halo
08-12-03, 12:26 PM
That's funny, just as I read your post I switch over to do some actual work and I get errors. My coworker's computer has detected a worm on her system and now mine is acting up too.

YOU MUST HAVE DONE IT!! :D

Avatar
08-12-03, 12:53 PM
It seems that it's up to Avatar to shed some light for you experts :p

crashing are Windows NT-2000-XP-2003 servers due to a serious exploit.
it was found about 3 weeks ago and nobody seemed to mind it.

Of course Avatar here immediately patched his computer

It's an RPC vulnerability using DCOM windows service.

Basically it can be used as a trojan to completely take over your pc. If it's unsuccessful, then your system restarts. And so again and again.

To fix this problem get this official MS patch http://support.microsoft.com/?kbid=823980

and you may also have caught some of the most frequent viruses that are uploaded through this security hole
cure it with this
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

you can read more about the issue
here http://www.securityfocus.com/bid/8205/solution/

or an idiot friendly version at Yahoo :p
http://uk.news.yahoo.com/030812/80/e62bs.html

edit: few stupid spelling mistakes

CounslerCoffee
08-12-03, 12:55 PM
It's a new type of worm on the loose. Apparently it comes with a message "Billy Gates why do you make this possible? Stop making money and fix your software!!"

The good news is that it only affects people with computers running windows XP and 2000. So us people using 98 are safe.:p

http://www.reuters.com/newsArticle.jhtml;jsessionid=R0DQTPLNRMFG4CRBAE0CF FA?type=technologyNews&storyID=3264960

ElectricFetus
08-12-03, 04:05 PM
makes me happy that I never read or store my spam.

Bachus
08-13-03, 02:27 AM
Originally posted by WellCookedFetus
makes me happy that I never read or store my spam.

From what i've heard it seems the virus can install itself on your comp via any open port :eek:

Avatar
08-13-03, 03:42 AM
that's right, but most frequently TCP and UDP port 135 is used

ElectricFetus
08-13-03, 06:38 AM
I'm behind a Firewall

Avatar
08-13-03, 06:48 AM
won't help if DCOM is enabled and you haven't made a special rule on the particular ports.
dcom is enabled in 98% of win pc's
advise you to get the patch @ MS anyway

ElectricFetus
08-13-03, 07:13 AM
my firewall is in a linux router.

who says I did not get the patch?

ripleofdeath
08-13-03, 07:39 AM
Halo
LOL if i had that level of knowledge i would be too busy making money in a well paying job and partying my arse off
in the times i was not working
:D

Avatar
thank you for the links i got the patch just after posting this thread
im hoping its all fixed with this pc

im almost glad im not a systems administrator considering the amount of crap that gets flung around like that

groove on all :)

Bachus
08-13-03, 08:20 AM
Originally posted by ripleofdeath
im almost glad im not a systems administrator considering the amount of crap that gets flung around like that


Everybody who is not a sysadm is happy not being one atm ;)

CompiledMonkey
08-13-03, 04:37 PM
Originally posted by Bachus
Everybody who is not a sysadm is happy not being one atm ;)

But the sys admins that have not been affected because of their proactive practices are loving it. It's nice to get compliments because of people's systems not crashing due to this worm.

Bachus
08-14-03, 02:12 AM
Originally posted by CompiledMonkey
But the sys admins that have not been affected because of their proactive practices are loving it. It's nice to get compliments because of people's systems not crashing due to this worm.

You.....you get compliments?? :eek:

wet1
08-14-03, 07:09 AM
Port 135 is the Microsoft Messenger port. Not MSN but the place in XP where you receive the notices that new updates are available from the Microsoft update data banks.

Many have complained of seeing those large ugly grey ad boxes that pop up on your computer. Those too are taking advantage of the same port. They load a small program on your computer while you are visiting a site on the internet. Later the program calls home and starts to d/l the latest ad. After that when you are somewhere else other than where you got the thing at, all of a sudden you start seeing these ads popping up.

Another point that is open in your computer when you use XP is TCP port 5000 open and accepting remote connections and UDP port 1900 listening for inbound datagrams. These are the ports that XP uses for plug and play features. If you know how to configure a hardware firewall, I suggest that you do so. If not, turn the feature off. It is needed when you install new hardware and most folks don't do that often. When you do install new hardware, turn the feature on, let it do its thing and turn it back off when done.

One other thing you should be aware of. Microsoft is getting in the act. When you d/l new updates, you should return to your settings and recheck them. Microsoft has been altering these settings back to the default so their stuff works as they would like it instead of how you would like it. I NEVER EVER allow updates to just happen by putting them in automatic. MS will then load you full of stuff. Media 9 is another I don't want on this computer. If you play d/led wma files, you should be aware that Media 9 has a phone home feature. If it is not a legally purchased file it will tattle on you.
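
Added example, not part of the original thread: a small Python check that reads `netstat -an` output and lists listeners on the ports named in the posts above (TCP/UDP 135, TCP 5000, UDP 1900) that are bound to something other than loopback. The sample output, the function names and the service labels are this example's own assumptions.

```python
import ipaddress

# Ports named in the thread; the service labels are this example's annotations.
WATCHED = {
    ("TCP", 135): "RPC endpoint mapper (DCOM)",
    ("UDP", 135): "RPC endpoint mapper (DCOM)",
    ("TCP", 5000): "Universal Plug and Play (SSDP)",
    ("UDP", 1900): "Universal Plug and Play (SSDP)",
}

# Constructed sample of Windows `netstat -an` output, not from a real host.
SAMPLE = """\
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.5:135        ESTABLISHED
  UDP    0.0.0.0:135            *:*
  UDP    127.0.0.1:1900         *:*
  UDP    192.168.1.10:1900      *:*
"""

def is_loopback(host):
    try:
        return ipaddress.ip_address(host.strip("[]").split("%")[0]).is_loopback
    except ValueError:
        return False  # unparsable address: assume reachable so it gets reported

def exposed_listeners(netstat_text):
    """Return (proto, host, port, service) for watched ports not bound to loopback."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows count only when LISTENING; UDP rows have no state column.
        if proto == "TCP" and fields[-1] != "LISTENING":
            continue
        host, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        service = WATCHED.get((proto, int(port)))
        if service and not is_loopback(host):
            findings.append((proto, host, int(port), service))
    return findings

if __name__ == "__main__":
    for proto, host, port, service in exposed_listeners(SAMPLE):
        print(f"{proto} {host}:{port} reachable beyond loopback: {service}")
```

The outbound connection to a remote port 135 and the loopback-only UDP 1900 socket are deliberately not reported; only local listeners that another machine could reach are.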

CompiledMonkey
08-14-03, 09:12 AM
Originally posted by Bachus
You.....you get compliments?? :eek:

I'm a net tech in my major at school (Information Systems). So the professors understand how good we're doing when nobody is infected by something like this. :D

river-wind
08-14-03, 11:32 AM
be forewarned, there is also a variant of this worm on the loose called "teekids". the "Bill Gates why do you make this possible" thing was replaced by some more colorful wording, and it shows up in your task manager as "teekids.exe" instead of "msblast.exe"


I'm so glad I have a Mac. I have a Windows machine at work, and yesterday, 4 hours of worktime was lost as I helped all my co-workers install the patch.

Stryder
08-18-03, 11:59 AM
Worms have been a problem ever since their first creation from the inspiration of the "Hackers" film.

When a server is taken down it usually means that it's been killed from a DoS (Denial of Service) attack since some of those servers will not be infected by the worm.

Most servers on the net have upper-bandwidth restrictions and the constant bombardment of worm attempts at gaining access to MS IIS server is ridiculous.

In fact it's possible to search google for people's server logs and you'll get lists of the attempted accesses. There are a few attempts appearing for other things other than M$, like the notorious mailform.cgi (which a worm looks for to exploit to resend itself).

For systems administrators there are ways to blackhole attempts (of course you have to set up a rule for each one), any URL that doesn't have a page is usually greeted by a 404 error (or any 400 range) it's best to try to keep any pages that load for 404 errors down to a minimum in size just to lower the DoS effects.

Presently a couple of whitehats I know have been looking into a creation of programs that match the URLS that are called upon to infect the attacking machine with a Patch, but it's taking some time to setup.

Basically when a URL is called, it can check the worm pattern and transmit and attack back at it (patching the hole).

MrMynomics
08-22-03, 08:56 PM
Just turn off the RPC.