Keep up with your patches - RPC worm spreading fast



PressF1 User
13-08-2003, 10:55 AM
Seems this RPC worm is getting quite a bit of press......

http://www.theregister.co.uk/content/56/32286.html

In typical Microsoft style -' Terry Allen, of Microsoft New Zealand, says that while there is no known attack in progress, the company believes this may occur in the near future'.... ummm excuse me Sir but you might want to read the computer forums!! It seems that August 16 will be the wake up call...

http://xtramsn.co.nz/technology/0,,7003-2577601,00.html

Cheers PF1 :-)

stu140103
13-08-2003, 12:21 PM
From Computerworld

Business as usual for virus despite trustworthy computing (http://computerworld.co.nz/webhome.nsf/UNID/313E10A85E41B289CC256D80002C6010!opendocument)

Mike
13-08-2003, 12:24 PM
> In typical Microsoft style -' Terry Allen, of
> Microsoft New Zealand, says that while there is no
> known attack in progress, the company believes this
> may occur in the near future'.... ummm excuse me Sir
> but you might want to read the computer forums!! It
> seems that August 16 will be the wake up call...

What's so wrong about what he said? He's being honest.

Mike.

PressF1 User
13-08-2003, 03:45 PM
Mike - there's nothing wrong with being honest (Microsoft?) and the comment wasn't meant to upset anyone but it is very clear that this worm is indeed infecting machines at an alarming rate (plenty of posts to this forum alone) and has been doing so over the past week. The PC Company has obviously felt strongly enough about this fact to have sent out a newsletter to its users advising about it and how to remove the worm. Someone in the responsible position as Terry Allen should be better informed to new infections before making such comments (which were posted on the Xtra home page) for all to see, and thus according to him, users post no threat from something that is indeed infecting many many users through NZ and the world.

Cheers PF1 :-)

Mike
13-08-2003, 11:11 PM
> Mike - there's nothing wrong with being honest
> (Microsoft?) and the comment wasn't meant to upset
> anyone but it is very clear that this worm is indeed
> infecting machines at an alarming rate (plenty of
> posts to this forum alone) and has been doing so over
> the past week. The PC Company has obviously felt
> strongly enough about this fact to have sent out a
> newsletter to its users advising about it and how to
> remove the worm. Someone in the responsible position
> as Terry Allen should be better informed to new
> infections before making such comments (which were
> posted on the Xtra home page) for all to see, and
> thus according to him, users post no threat from
> something that is indeed infecting many many users
> through NZ and the world.

I think you have misunderstood Terry Allen's comments, and what he was referring to when he mentions "attacks".

Mike.

tedheath
14-08-2003, 12:10 AM
I knew there was a reason I kept W98SE.
Lucky the designers of these worms can't be bothered with messing around with 95 and 98.

;)

tedheath

vk_dre
14-08-2003, 12:29 AM
i'm a bit mixed up now, will a firewall prevent the worm from entering ur computer? Cos when i read the precautions on the MS site, they don't mention using a firewall to protect urself.

cheers,
v.K

PressF1 User
14-08-2003, 10:13 AM
(1) Sorry Mike but attack means attack whichever way you look at it. Whether it's against the Microsoft site on the expected August 16 date or against the home or business user as at present. There clearly has been an 'attack' in progress which has been clearly obvious by the way in which help lines (0800) and forums have been trying to deal with this ongoing problem. However upon saying that I see that Mr Terry Allen has now become much more vocal in addressing the severity of this threat, as seen on both TV 1 and TV 3 News last night, and heard on National Radio News.

(2) Good point tedheath but I think this is just the latest security hole to be picked up by a sorry hacker. Fingers crossed that '98 will remain unaffected by threats but past experience has shown us otherwise.

(3) Yes vk_dre - according to information put out on several forums a firewall (properly configured) will indeed help prevent this worm from entering, or exiting the system. Windows XP has the ICF (internet connection firewall), which can be turned on. Zonealarm will notify of both inbound and outbound traffic if the program hasn't been given access rights (that is, if the msblast.exe tries to connect to the internet)
The actual setting for ICF in XP is found in Start + Settings + Network Connections + right click your connection icon and choose properties + click the advanced tab + click in the Internet Connection Firewall box (to turn it on).

Cheers PF1 :-)

Susan B
14-08-2003, 10:14 AM
> will a firewall prevent the worm from entering ur computer?

Yes, if you have set the firewall to block Port 135 from TCP traffic. Have a look at Agent's thread (http://pressf1.pcworld.co.nz/thread.jsp?forum=1&thread=38273) for more ports that may be worth blocking.
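Added example, not part of the original thread: one way to confirm from the firewall's own log that inbound TCP port 135 traffic is being dropped rather than let through. It assumes the firewall writes a W3C-style log with a `#Fields:` header, as XP's ICF does; the sample log, the addresses and the function name `summarize_port` are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the layout of an ICF log; the addresses are
# documentation ranges, not real hosts.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2003-08-14 10:14:02 DROP TCP 203.0.113.7 192.0.2.10 3312 135 48 S 1234567 0 64240 - - -
2003-08-14 10:14:05 DROP TCP 203.0.113.7 192.0.2.10 3312 135 48 S 1234567 0 64240 - - -
2003-08-14 10:15:40 DROP TCP 198.51.100.23 192.0.2.10 1871 135 48 S 7654321 0 16384 - - -
2003-08-14 10:16:11 OPEN TCP 192.0.2.10 198.51.100.80 1045 80 - - - - - - - -
2003-08-14 10:17:30 DROP UDP 198.51.100.23 192.0.2.10 1027 137 78 - - - - - - -
2003-08-14 10:18:02 OPEN TCP 203.0.113.99 192.0.2.10 4021 135 - - - - - - - -
"""


def summarize_port(log_text, local_ip, port=135, protocol="TCP"):
    """Tally inbound traffic to local_ip:port as dropped (per source) or allowed."""
    fields = None
    dropped = Counter()
    allowed = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            # Take column names from the header instead of hard-coding positions.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split()
        if len(parts) < len(fields):
            continue  # truncated record, skip it
        rec = dict(zip(fields, parts))
        target = (rec.get("protocol"), rec.get("dst-ip"), rec.get("dst-port"))
        if target != (protocol, local_ip, str(port)):
            continue
        if rec.get("action") == "DROP":
            dropped[rec.get("src-ip")] += 1
        elif rec.get("action") == "OPEN":
            # An allowed inbound connection means the port is not being blocked.
            allowed.append((rec.get("date"), rec.get("time"), rec.get("src-ip")))
    return {"dropped": dict(dropped), "allowed": allowed}


if __name__ == "__main__":
    print(summarize_port(SAMPLE_LOG, "192.0.2.10"))
```

An empty `allowed` list together with entries under `dropped` is the result a correctly blocking firewall should give; any `allowed` entry is worth following up.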

TonyF
14-08-2003, 10:31 AM
> I knew there was a reason I kept W98SE.
> tedheath

Me too ............

Zippity
14-08-2003, 10:38 AM
And here was me hating WindowsME on my home PC :)

stu140103
14-08-2003, 01:27 PM
> And here was me hating WindowsME on my home PC :)

I also have Win ME :)

Kame
14-08-2003, 01:53 PM
Windows ME can face other problems unfortunately...

And YES people who don't care about what they do... update your system, I've had over 25 calls on this in one day, and I'm travelling too much just with my own personal PC Fixing CD that has a wide range of tools for fixing and keeping the system protected, hopefully they've now realised the reason why keeping updated is good, it doesn't waste their time and it doesn't waste mine.

This worm is good for business, but for me to run around all day is not fun for something that takes only a few minutes to fix. It's quicker to install the patches than wait on me.

tedheath
14-08-2003, 02:47 PM
I get mad when people blame Microsoft for the problem.
Don't blame them and don't blame people for not downloading patches.
The person to blame is the scum who writes the worm and sends it.

Would you blame yourself if you didn't have any ammunition for your gun (you got lazy and didn't replace it after hunting). Later on you had a home invasion and your whole family got murdered.


cheers
tedheath

Chilling_Silently
14-08-2003, 02:56 PM
I think that example is a little extreme.. But none-the-less, both parties are at fault.. All parties really.

For starters, my parents should have been updating their PC with the Patches.

Second, Microsoft should really have found out about this problem a long time ago, seeing as it affects WinNT, 2K, XP, and .NET Server 2k3!!!

Lastly is the writer.. who obviously (Like myself) thinks that it's a bit of a joke that things like this which can be so harmful, are left un-patched or un-discovered for so long!

To add to your little example there.. Who left the Windows next to the front door open for the raiders to come through?

stu140103
14-08-2003, 03:42 PM
Seeing you are all blaming Microsoft &/or yourself for not updating & as well the Windows crashes you get, Microsoft is blaming third party code for the Windows crashes

You can read more about it here (http://www.zdnet.com.au/newstech/security/story/0,2000048600,20277185,00.htm)

Also half the problem is that end users do NOT update their computers or people do not use their common sense when opening e-mail attachments or they do not run antivirus/firewall programs!!

Or even sometimes if they do apply an SP/patches then they remove the SP &/or patches because they slow down their computer or something goes bad with it etc…. a good example is PoWa & others on Press F1….& everywhere in the world who is running an unpatched computer (sorry PoWa for using you as an example)

Ok I have to say sometimes Microsoft do stuff up but most of the time they do (most of the time) fix the problems.

vk_dre
15-08-2003, 12:22 AM
> (3) Yes vk_dre - according to information put out on
> several forums a firewall (properly configured) will
> indeed help prevent this worm from entering, or
> exiting the system. Windows XP has the ICF (internet
> connection firewall), which can be turned on.
> Zonealarm will notify of both inbound and outbound
> traffic if the program hasn't been given access
> rights (that is, if the msblast.exe tries to connect
> to the internet)
> The actual setting for ICF in XP is found in Start +
> Settings + Network Connections + right click your
> connection icon and choose properties + click the
> advanced tab + click in the Internet Connection
> Firewall box (to turn it on).

I already knew all that, i just asked in the sense of wot port to block. :) Cos on the websites it hinted to firewalls that had not "served the purpose" so i wondered wot ports had to be blocked. Thanks anyway. :)

PoWa
15-08-2003, 12:38 AM
lol Stu. The bad guys can try and get me all they want.

Running ADSL Router with NAT and SPI firewall with Intrusion Detection Systems turned On.
In behind that all internet traffic is routed through a 486DX running Smoothwall 1.0 before it gets to my pc.
When the data finally gets to my pc, it finds Norton Internet Security (configured properly) and everything set to high defense.
And then I've also got Norton Antivirus.

Bring it on!!! :D

And btw, I haven't been affected by this worm or any other worms/viruses/security alerts/ or even been hacked since I put this system in place.

Susan B
15-08-2003, 10:08 AM
PoWa: are you sure it is the service packs that slow your PC down so much and not all that lot that data needs to wade through to get to you? :p :D

PoWa
15-08-2003, 04:30 PM
Absolutely positive it's the service packs Susan :p My computer is quite fast without the thing. Only internet traffic is really slowed down by that firewall system. :)

csinclair83
15-08-2003, 04:43 PM
didnt think it was this big a deal...
i've heard about it on news...papers..and this..
and i havent downloaded 1 single patch for it...
am i supposed to?
havent had 1 attack...nothing at all..and am using xp...

heaton
15-08-2003, 05:10 PM
More confusion. Microsoft Newsletter 15/8/03 states that for XP users they will have to download security patch MS03-026.
Go to the windows upgrade site and it states security patch XP-823980 is what is required. According to my history I downloaded this security update 17/7/03.
To doublecheck I went into Windows updates again and after the scan it told me there were no critical updates. So what's this MS03-026 and do I still need it ? And if I do why is it not in the current critical updates list ?
cheers......heaton

stu140103
15-08-2003, 05:13 PM
> didnt think it was this big a deal...
> i've heard about it on news...papers..and this..
> and i havent downloaded 1 single patch for it...
> am i supposed to?

Yep

> havent had 1 attack...nothing at all..and am using
> xp...

Who is your ISP??? & Do you have a firewall???

stu140103
15-08-2003, 05:29 PM
> More confusion. Microsoft Newsletter 15/8/03 states
> that for XP users they will have to download security
> patch MS03-026.
> Go to the windows upgrade site and it states security
> patch XP-823980 is what is required.

> According to my
> history I downloaded this security update 17/7/03.
> To doublecheck I went into Windows updates again and
> after the scan it told me there were no critical
> updates. So what's this MS03-026 and do I still need
> it ? And if I do why is it not in the current
> critical updates list ?

You have already downloaded it :), to check go back to the Windows Update site under Other Options > View Installation History

J ZEP
15-08-2003, 05:36 PM
Hi Heaton, yes you have the right patch - the "Microsoft Security Bulletin" (which provides the relevant info. on the problem) relating to this issue is named MS03-026. The "Patch/update" for it is no. KB 823980. It is a little confusing that they have a different no. for the "Security Bulletin" & "patch" and i am sure you are not alone in being unsure by this ?:|.

agent
15-08-2003, 06:49 PM
Here is a link (http://www.pcauthority.com.au/index.asp?PageType=ArticleDetail&CatID=1&ID=13717) to an article that defends Microsoft better than the house invasion example. It states quite clearly, that an update was released "more than a month ago". Back then, this flaw had yet to be exploited.

Now, I ask you, whose fault is it for not installing this patch? Once again, as the article says, just because an update is too difficult to install, or administrators are busy, etc, that is no excuse for installing it. On the corporate side, an administrator's job is partly to keep systems secure. On the home user front, it wouldn't be far from accurate to say that the vast majority of users know about Windows Update or Automatic Updates. They know these services are provided so that the user can easily install the latest updates. I subscribe to the Microsoft Security bulletin newsletter. Why? Because it pays to keep on top of updates. I would advise people who don't often monitor their Windows systems to also subscribe to it. It might help you in the future.

As for Terry whatsisname saying that Microsoft know of no attacks when he said that statement, I disagree that this is an incorrect statement. It is known that the worm will attack the Microsoft Windows Update site on Saturday 16 August. Whereas attacking computers? No, it infiltrates them through an uncommonly used service (tFTP) which, it would appear (also from the name of it), does not require user interaction.

csinclair83
15-08-2003, 10:51 PM
isp is quik internet
and firewall no
just nortons antivirus and nortons internet security...
i update antivirus every day since i heard this...thats all i've done


to download the patches can i have direct links as i not really in a mood to go searching or fiddling thru the confusing microsoft website...

Jen C
15-08-2003, 11:49 PM
> to download the patches can i have direct links as i
> not really in a mood to go searching or fiddling thru
> the confusing microsoft website...


Blaster Worm: Critical Security Patch for Windows XP (823980) (http://www.microsoft.com/downloads/details.aspx?FamilyID=2354406c-c5b6-44ac-9532-3de40f69c074&displaylang=en)

Chilling_Silently
18-08-2003, 01:31 PM
Or.. You can get the Fix from http://www.rescueman.tk while you're at it :-)