Author Topic: New Worm Information - Everyone READ (Read 721 times)

Skuzzy · « **on:** August 12, 2003, 11:48:10 AM »

The worm MSBlaster uses port 4444 on your computer for propagation/checking. You can go ahead and block access to that port in your firewall and still play Aces High just fine.

Rutilant · « **Reply #1 on:** August 12, 2003, 11:50:08 AM »

How would i block individual ports with say.. blackice?

WhiteHawk · « **Reply #2 on:** August 12, 2003, 01:08:34 PM »

Sorry, I am a simpleton, but I have the worm.
Do we do this to prevent getting it, or if we have it? Or in any event?

Ack-Ack · « **Reply #3 on:** August 12, 2003, 01:53:24 PM »

To remove it, go to this site and download the worm removal tool.

download

ack-ack

mia389 · « **Reply #4 on:** August 12, 2003, 02:09:12 PM »

is this the worm that caused me to keep losing RPC?

Shane · « **Reply #5 on:** August 12, 2003, 02:36:26 PM »

very likely.

Ack-Ack · « **Reply #6 on:** August 12, 2003, 02:48:22 PM »

Does this effect Win2k/XP only or all Windows OS's?

ack-ack

Shane · « **Reply #7 on:** August 12, 2003, 02:52:55 PM »

2000 and XP only (to date).

bloom25 · « **Reply #8 on:** August 12, 2003, 03:09:58 PM »

This vulnerablity affects Windows NT 4, Windows 2000, Windows XP, and Windows Server 2003. The dead giveaway that you've got it is the message about the RPC service failing and system reboots.

You can get the patch for the vulnerability here:
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp

Be aware that if you do not get the patch, you WILL get this virus again even if you remove it.

Swoop · « **Reply #9 on:** August 13, 2003, 02:46:01 AM »

Hmmm. Funny. According to British news sources if effects only XP and ME and uses port 135.

FOGOLD · « **Reply #10 on:** August 13, 2003, 05:15:23 AM »

I got this on my games machine. Why? because I had disabled firewall and pc-cillin to play Aces High and forgot to put it back on after playing aces high to go surfing!

My advice is, if you don't have disco problems, leave it all running all the time. If you turn off firewall/virus scanning YOU WILL GET CAUGHT OUT.

Luckily it is not too difficult to get rid of, as far as I can see anyway:rolleyes:

Maniac · « **Reply #11 on:** August 13, 2003, 06:27:16 AM »

Quote

Do we do this to prevent getting it, or if we have it? Or in any event?

In any event. Or better yet, disable all incoming ports in your firewall..

Skuzzy · « **Reply #12 on:** August 13, 2003, 07:12:19 AM »

Quote

Originally posted by Swoop
Hmmm. Funny. According to British news sources if effects only XP and ME and uses port 135.

They are incorrect Swoop. XP/2K/NT are the problem operating systems.

I will never understnad ISP's that allow ports 13x to propagate to/from the Internet. It is just plain wrong.

2Hawks · « **Reply #13 on:** August 13, 2003, 05:22:16 PM »

Quote

Originally posted by Skuzzy
They are incorrect Swoop. XP/2K/NT are the problem operating systems.

I will never understnad ISP's that allow ports 13x to propagate to/from the Internet. It is just plain wrong.

With Cable Modems it is unavoidable on shared cable segments unless you have a personal firewall solution between the 'hood and your network.

flakbait · « **Reply #14 on:** August 13, 2003, 06:14:55 PM »

Skuzzy, you sure about the port? BlackICE has caught ten TCP MSRPC probe attempts in the past hour, all from various ports not listed as coming from 4444. The source ports are listed as...

2865
2875
3103
2875
3884
2404
1150

All were targeting port 135, and BlackICE caught 'em all. Funny part is, I helped my ISP nail down three of the offenders; turns out three other users' systems were pinging mine!

-----------------------
Flakbait [Delta6]
Delta Six's Flight School
Put the P-61B in Aces High