PDA

View Full Version : Careful - the msblast.exe worm is on the loose!!



PressF1 User
12-08-2003, 04:00 PM
A new worm that exploits the Remote Procedure Call (PRC) vulnerability is doing the rounds at the moment and attacked my machine this afternoon (I'm running Windows XP Pro). I was notified by ZoneAlarm as it tried to access the internet.

Its only 6 Kb in size so is not noticed as it's being downloaded (even on 56 k), and it will reside in your windows system folder.

Watch the firewalls and make sure that your virus scanners are up to date with the latest updates.

The worm scans random ranges of IP addresses on port 135 for the security flaw. You can read more here:

http://www.crn.com/sections/BreakingNews/dailyarchives.asp?ArticleID=43865


Cheers PF1 :-)

stu140103
12-08-2003, 04:09 PM
There is a patch available to fix this exploit(You can get it throw windows update)& you can test your computer to see if port 135 is open at http://grc.com

PressF1 User
12-08-2003, 04:09 PM
If the other link doesn't work try this instead:

http://www.informationweek.com/story/showArticle.jhtml?articleID=13000581

Cheers PF1 :-)

PressF1 User
12-08-2003, 04:18 PM
This will test your port 135 to see if you are vulnurable to attack:

https://grc.com/x/portprobe=135

Cheers PF1 :-)

KiwiTT
12-08-2003, 04:50 PM
McAfee has a patch too!!!

yang11
12-08-2003, 06:03 PM
using nod32

agent
12-08-2003, 06:30 PM
Well, I'm sure this is all nice talk, but there's just one thing...

As with many cases of Microsoft flaws, the official patch for this has already been released by Microsoft.

The official security bulletin from Microsoft is available here (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp).

It was also released to many technology news sites, many of which advised to block port 135 with a firewall.

Over two weeks ago, I installed the patch, and blocked port 135 with Kerio.

It just so happens many users don't often listen to these security bulletins, as was the case with the Slammer and Code Red worms.

J ZEP
12-08-2003, 06:36 PM
I am presuming you mean the patch that came out in/on about 16-18 July 03 through "windows update": KB 823980 for Microsoft Security Bulletin MS03-026 ?

Here (http://www.microsoft.com/security/security_bulletins/ms03-026.asp)

Or is there some revision to that update or something? as I am showing as up to date through "windows update"?

J ZEP
12-08-2003, 06:40 PM
Thanks Agent ;-), I thought that was the case/update - boy i am getting slow at typing, your post didn't appear till i posted mine :-)