Mobile Bay Reef Keepers

Mobile Bay Reef Keepers - A reef keeping community located in the Alabama and Gulf Coast region.
https://www.mbrk.com/

W32.Blaster.worm

https://www.mbrk.com/viewtopic.php?t=442

Page 1 of 1

W32.Blaster.worm

Posted: Tue Aug 12, 2003 5:48 pm
by snoopdog
Considering the fact that this sucker infected my laptop from a remote source and the number of machines that came into the office today this is one mean sucker. There was alot of talk of it yesterday as IT and Admin work alot of overtime handling the support calls. Anyway here is a fix for it and a description.
Based on the number of submissions received from customers and based on information from the Symantec's DeepSight Threat Management System, Symantec Security Response has upgraded this threat to a Category 4 from a Category 3 threat.

W32.Blaster.Worm is a worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. This worm attempts to download and run the Msblast.exe file.

Block access to TCP port 4444 at the firewall level, and then block the following ports, if they do not use the applications listed:


TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"

The worm also attempts to perform a Denial of Service (DoS) on Windows Update. This is an attempt to prevent you from applying a patch on your computer against the DCOM RPC vulnerability.

Click here for more information on the vulnerability that this worm exploits, and to find out which Symantec products can help mitigate risks from this vulnerability.

NOTE: This threat will be detected by virus definitions having:
Defs Version: 50811s
Sequence Number: 24254
Extended Version: 8/11/2003, rev. 19
http://securityresponse.symantec.com/av ... .tool.html

Posted: Tue Aug 12, 2003 7:27 pm
by Scott
How about a little of that in English? How do you know if you have it?

Posted: Tue Aug 12, 2003 7:38 pm
by snoopdog
Your computer will just "reboot" constantly, normally happens if you are on a static connection like DSL or cable, but could happen on dial-up. Also predominate with 2000, or Win XP.

Posted: Wed Aug 13, 2003 7:09 am
by ShagMan
We had to reload our laptop due to this bugger yesterday. It would kill the RPC service, causing a forced reboot. Had to burn our stuff to CD's in safe mode and then reformat/reinstall. Nasty.

Posted: Wed Aug 13, 2003 7:11 pm
by SaltnLime
does norton recognize that bug yet?

Posted: Thu Aug 14, 2003 4:54 pm
by snoopdog
It is listed as a known threat so as long as you are updated then yes.

Posted: Fri Aug 15, 2003 11:26 am
by Melissakins
Here's something you might try:


Windows 2000 Patch:
http://microsoft.com/downloads/details. ... laylang=en


Windows XP Patch:
http://microsoft.com/downloads/details. ... laylang=en[/url]

Or run a Windows update: Start button, Window's update, etc...
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited