 |
Search |
|
|
|
|
Classic 2 Guys |
|
10 Random Stories:
|
|
|
|
Welcome To Windows! |
|
 Hoo-doggy, it's not a good time to be a Windows user! (Was there ever one? <ba-doom-ching!>) As we noted last week, there's been an exploit for Windows that's just been waiting for somebody to write a worm for. Well that time has come, and in a big way.
It's called the Blaster worm, or by those who don't know him so well it's W32.Blaster.Worm, or W32/Lovsan.worm. Basically, the worm exploits a buffer overrun vulnerability (yup, the one everyone's been talking about for a while now) on Windows NT 4, Windows 2000, Windows XP, and Windows Server 2003. According to Network Associates, once a machine is compromised, the infected system will "download and execute the file MSBLAST.EXE from a remote system via TFTP" and set a registry key as well.
At this point, you get an error message saying you have 60 seconds to reboot your machine, and if you don't do it, it's done automatically. Upon rebooting and logging in, guess what? ERROR MESSAGED! While your machine is running however, the worm will attempt to propagate itself by scanning for other 'infectable' computers on port 135.
So apparently, while there is a patch from Microsoft, you won't be able to get online to download it. Supposedly, deleting the MSBLAST.EXE file will buy you some time, perhaps enough to apply the patch, but this hasn't been verified.
Also, if you run one of the aforementioned Operating Systems from Microsoft (if you can call them that) you should of course apply the patch, but also shutting down port 135 on your firewall wouldn't hurt.
To top everything off (yes there's more!) ... the registry key set by the worm has the following text:
I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ? Stop making money and fix your software!!
Nice, huh?
Can there be more? Why, I'm glad you asked, because yes kiddies, there is! According to F-Secure.com, the worm will "start a distributed denial-of-service attack against the windowsupdate.com server on 15th of August, 2003".
So now is the part where us Mac users get to laugh and gloat and dance little jigs. Excuse me for just a moment.
...
...
Ok, I'm back, and damn that felt good!
I wonder how things are going at the Department of Homeland Security?
|
|
August 11 2003, 6:49 PM EDT, by
 |
Comments:
|
| Man with no pants |
8/11/03, 7:00 PM EDT |
Here's a pic of the registry:
;)
|
| Bob Pensik |
8/11/03, 10:17 PM EDT |
Ah i am so glad that i am switching to a Mac in under a month!! :-) i am sick of this windows crap!
|
| stingerman |
8/12/03, 12:28 AM EDT |
"Even God does not rejoice over the death of someone wicked."
|
| Jonahan |
8/12/03, 8:48 AM EDT |
Well yes, but I'm sure he at least gets a chuckle from watching Microsoft have issues.
BTW, something I should have added to this article was info about just how big this worm is. I work at a Tech Support Center, and visited another one yesterday and both of them were getting abolutely SLAMMED by calls from people who were infected by this puppy. In fact, today it has been upgraded to a level 3 threat by Symantec.
Also, about the attack on windowsupdate.com:
"The worm also attempts to perform a Denial of Service (DoS) on windowsupdate.com. This is an attempt to prevent you from applying a patch on your computer against the DCOM RPC vulnerability."
|
| slackin |
8/12/03, 10:02 AM EDT |
This is from the F-Secure page:
---
UPDATE (2003-08-12 13:03 GMT)
F-Secure is upgrading the Lovsan worm (also known as Msblast) to Level 1 as it continues to spread rapidly. Currently it is the most widespread virus in the world. Symptoms include XP machines rebooting.
---
BTW - Symantec upgraded this virus from a 3 to a 4
Viruses are fun! ;)
|
| squirrel master (reincarnated) |
8/12/03, 1:04 PM EDT |
all i can say is up with hope...down with dope!!!!
|
| macinsider |
8/13/03, 1:51 PM EDT |
id post, but i have been too busy patching every machine on BGSU campus as well as making sure to get the images back up for the computer labs....wow...BG was sure prepared...And i even have been using panther for the past few days.....blah
|
| Jonahan |
8/13/03, 4:04 PM EDT |
Damn, that sux....and why does it seem like every big news site or even TV station is downplaying this thing?
Is it just me?
|
This article is archived, so you may not comment on it.
(The good news is there's always the shoutbox, the forums or the contact form if you're socially-inclined at the moment!)
|
|
|
|
Site Links |
|
|
|
|
Deep Thoughts |
|
|
When the chairman introduced the guest speaker as a former illegal alien, I got up from my chair and yelled, "What's the matter, no jobs on Mars?" When no one laughed, I was real embarrassed. I don't think people should make you feel that way.
|
|
Around Da Web |
|
| iProng: |
iPhone steals show at CTIA Wireless 2007
|
DLO offers dual cover fashion case for iPod
|
AT&T received 1M inquiries on iPhone
|
| MacDailyNews: |
Ars Technica in-depth review: Apple TV ?impressed all those who touched it?
|
Inside Apple?s Mac OS X 10.5 Leopard Server OS
|
The chips inside Apple TV
|
| Think Secret: |
Adobe Creative Suite 3 pricing revealed
|
|
|
We Like: |
|
|
|
|
Side Projects |
|
Jonahan
- JediPoker.net
- Jonahan.com
- iProng
- MacProng
iKen
Jedbeck
J.P.
|
|
