blaster worm virus

stephen T · Post by **stephen T** » Tue Aug 12, 2003 2:27 pm

well that was fun last nite lol.

get all your updates asap ppl.

Post by **Lyndon** » Tue Aug 12, 2003 8:35 pm

microsoft have issued a patch for XP (yet again) to cure/fix the fault/bug that the virus uses -

http://www.microsoft.com/downloads/deta ... laylang=en

stephen T · Post by **stephen T** » Tue Aug 12, 2003 9:10 pm

if u have the virus it stops u downloading the fuking patch.

its gunna all kick of on the 15th LOL. microsoft beware.

stephen T · Post by **stephen T** » Tue Aug 12, 2003 9:14 pm

some more nice info LOL.

Creates a hidden Cmd.exe remote shell that will listen on TCP port 4444, allowing an attacker to issue remote commands on the infected system.

Listens on UDP port 69. When the worm receives a request from a computer it was able to connect to using the DCOM RPC exploit, it will send that computer Msblast.exe and tell it to execute the worm.

If the current month is after August, or if the current date is after the 15th, the worm will perform a DoS on Windows Update. The worm will activate the DoS attack on the 16th of this month, and continue until the end of the year.

Post by **Lyndon** » Tue Aug 12, 2003 9:22 pm

if u have the virus it stops u downloading the fuking patch.

thats why i posted the link so people can be patched b4 they get the virus or so much as a sniff of it

tiranova · Post by **tiranova** » Tue Aug 12, 2003 10:27 pm

some more nice info LOL.

Creates a hidden Cmd.exe remote shell that will listen on TCP port 4444, allowing an attacker to issue remote commands on the infected system.

Listens on UDP port 69. When the worm receives a request from a computer it was able to connect to using the DCOM RPC exploit, it will send that computer Msblast.exe and tell it to execute the worm.

If the current month is after August, or if the current date is after the 15th, the worm will perform a DoS on Windows Update. The worm will activate the DoS attack on the 16th of this month, and continue until the end of the year.

And just what does all that mean in non IT language?

stephen T · Post by **stephen T** » Tue Aug 12, 2003 10:32 pm

its gunna stop u from being able to visit microsoft.com

stephen T · Post by **stephen T** » Tue Aug 12, 2003 10:33 pm

if u have the virus it stops u downloading the fuking patch.
thats why i posted the link so people can be patched b4 they get the virus or so much as a sniff of it

also updatenorton ppl. even tho that cant get rid of it i have heard. mine didnt find it i know that much. bastards i had to do mine manually.

Post by **Lyndon** » Tue Aug 12, 2003 10:36 pm

or when the virus is active they can shut down your machine

from a mates website -

http://www.bl0g.co.uk/

message timed 18:28 is one your after

Post by **Lyndon** » Tue Aug 12, 2003 10:39 pm

nortons as got a update already -

http://securityresponse.symantec.com/av ... nload.html

stephen T · Post by **stephen T** » Tue Aug 12, 2003 10:47 pm

yes norton has an update but didnt find shit on my machine.

rob · Post by **rob** » Tue Aug 12, 2003 11:28 pm

we have been aware of this one for a couple of weeks already.

Thats why I am working nights and trying to patch approx 480 servers.

Keep posting during the night - its gonna help me stay awake. Only getting 3 hours sleep a day at present Zzzzzzzzzzzzzzzzzzzzz

nuttyslack · Post by **nuttyslack** » Tue Aug 12, 2003 11:35 pm

Stephen T,

if you have checked your machine then you havent got the worm,there is a removal tool on the link below.

http://securityresponse.symantec.com/av ... .tool.html

MattB · Post by **MattB** » Wed Aug 13, 2003 9:50 am

If you have a decent firewall then you shouldn't get this virus in the first place.

Now I'm not one to say I told you so....

stephen T · Post by **stephen T** » Wed Aug 13, 2003 10:56 am

i got norton firewall but i dont run it while i am sat at the comp.

i removed the virus manually so i dont need the tool thanks

but i defo had the worm as i seen it wriggling for myself LOL.