Web Worm Attacks Windows, Spreads Fast

Reuters - Mon August 11, 2003
An Internet worm that takes advantage of a recently discovered, widespread security hole in Microsoft Corp.'s Windows software emerged around the United States on Monday, crashing systems and spreading to vulnerable computers, security experts said.

The worm, dubbed LoveSan, Blaster, or MSBlaster, exploits a vulnerability in the Distributed Component Object service that is hosted by a Remote Procedure Call feature in Windows 2000 and Windows XP.

Once it gets onto a vulnerable computer, the program downloads code from a previously infected machine that enables it to propagate itself. Then, it scans the Internet for other vulnerable machines and attacks them, said Johannes Ullrich, chief technology officer at the Internet Storm Center at the SANS Institute.

The worm also appears to instruct the computer to launch a distributed denial of service (DDOS) attack on August 16 against a Microsoft Web site, he added. In a DDOS attack, a Web site is temporarily paralyzed after receiving requests from numerous multiple computers.

REUTERS STORY

I hope this didnt affect anyone here. I guess there is one advantage to me having the prehistoric Windows98.

Yep, it started hitting my sons computer late last night. He said it stopped though once he put his firewall up.

It makes your computer reboot.

Originally posted by Valhall
Yep, it started hitting my sons computer late last night. He said it stopped though once he put his firewall up.

It makes your computer reboot.

I've been wondering why my internet connection has been so slow lately.

I thought that the problem is within my windows XP and reinstalled it.
By the way � isn�t the file �msblast.exe� part of that virus/worm?

I tied me up all night last night and into this morning until my I.T. guy came in and removed it from my notebook and installed the patch from M.S. Update.

If you have XP there is a built in firewall you can turn on in the advanced tab in properties (right click your connection icon) in your network connection. Click the "Protect my computer" box and make sure a check mark appears in the box and hit ok.

This stops it from getting back to you via the web.

You sghould then go to MS Update.com and get the patch so it'll be out of your system. Do this BEFORE the 16th of August however because that website is going offline the 16th due to this worm.

PEACE...
m...

If you run XP or 2000 and have a firewall, all you need to do is block TCP and UDP port 69 and TCP port 135. This will keep the worm out if you don't have it, and if you do, this will keep it from spreading to other unpatched systems.

And us Mac users are sitting here quietly shaking our heads.

tisk tisk

yeah, yeah rub it in william...
Oh well no problems here, my computer is up all day, and I have downloaded 1.2 gigs already...and I don't even have a firewall running on this computer.

If someone still have problems with this worm, then visit this page

woohoo!!! i got windows me. i wonder why it doesn't say its affected? didn't windows me come after windows 2000, but before xp?

This worm only affects the RPC DCOM features on Win XP or 2000.

DAMNIT!!

I formatted then reinstalled windows XP 1 week ago and now i have that stupid virus by me not even downloading it

I put up a firewall (Zonealarm) and it stopped it from sending out requests.

Yeah I got hit by it last night. It's a real pain in the arse and keeps making your computer shut down.

go here for instructions in how to sort it out.

s1.cgi.gamefaqs.com...

So that's why thoses two XP Home computers kept sucking all the bandwidth of our network. Hummm...
I think it's time to eradicate some bugs. Gotta go to work. Thanks for the thread

Why the hell does this page cause a box to appear asking for my hotmail/passport password?

Hahaha.Microsoft has its eye on you.

Resistance is futile. You WILL be assimilated.

this is important:

if you find a file called "MSBLAST" [usually an exe] inside of your windows directory, DELETE IT ASAP.

this is the executable version of this worm and must be removed to prevent further infections

Originally posted by Zzub
Why the hell does this page cause a box to appear asking for my hotmail/passport password?

THat happened to me too. I noticed it a few hours ago. AlienS's avatar caused it. It seems that he removed it now, since I don't get a pop up anymore...

THat happened to me too. I noticed it a few hours ago. AlienS's avatar caused it. It seems that he removed it now, since I don't get a pop up anymore...


Thanks for the head's-up. I was starting to worry that I may have some problem. I'm behind zonealarm, a router and norton av, I hope that's enough.

I got hit by it yesterday (accualy it started like on the 6th but yesterday was really bad)...But it was strange the only thing that got hit was my scvhost.exe...I keept getting a error thing for that about every 15 minutes...I downloaded the patch and that works now...

The strange part was it would pop up sooner when I went here....I don't know why...