Got Blasted?!

[danielwang]

It seems I've found the source of my hardware woes... they happened to coincide with A Not To Be Named Worm and I thought it was me... how silly...

Got blasted?

The blaster worm?

You know, WinXP?

If you don't know what I mean by those non-sentecned and you run XP, you need to install the latest hotfix and enable Firewall.

Instead of getting infected, thank bofh, the newer Dot Net Gundam builds recover the thread... but that leaves some dependent services hanging and Svchost initiates a 60-second shutdown.exe (this is changeable in MMC). You may recieved this message:

The system is shutting down. Please save all your work and log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY\SYSTEM. Shutdown will begin in 60 seconds. Shutdown message: Windows must now restart because the remote Procedure Call (RPC) service terminated unexpectedly.

If you have installed a korean RPG such as Fagnarok Online, Project Farkturus, Priston Tale, or any other similar app, you are not affected.
Just open up Priston Tale etc and it'll start "nProtect"... start firewall, scan for the virus and of course defrag your hard drive and call your mom... annoying software.

[danielwang]

I'm running the basic firewall off of RRAS now like MS suggested, but I'm having problems with non-established connections to random ports. I'm going to either have to type in an entire port range, exclude a huge block of IPs, or more likely figure out how to get IP Fitering to work on dialup.

The patch refuses to install, Windows Update says no updates...

[Jebadia]

Son...I run win98...it don't touch this shit..

the blaster worm became almost harmless 36 hours after it was found out. though it kicked a lot of ass within that time. Every anti-virus and security company should have it under control by now.

For those who missed out on the news about it:

Brief Description

Blaster is a worm that infects only Windows 2003/XP/2000/NT computers. Blaster exploits the Buffer Overrun in RPC Interface vulnerability to spread to as many computers as possible.

Blaster launches denial of service (DoS) attacks against the windowsupdate.com website. Whenever the system date is between August 16 and December 31, 2003, Blaster sends a 40 byte packet every 20 milliseconds, using the TCP port 80.

Blaster spreads by attacking IP addresses generated at random and exploits the vulnerability takes advantage of the exploit mentioned above to download a copy of itself to the compromised computer a copy of itself. In order to do this, Blaster incorporates its own TFTP (Trivial File Transfer Protocol) server.


Visible Symptoms

Some clear indications that Blaster has reached the computer are the following:

The network traffic increases on the TCP 135 and 4444 and UDP 69 ports.
The attacked computer blocks and restarts, due to programming errors in the code of the worm.

[danielwang]

Son...I run win98...it don't touch this shit..

So it's an inane post. but:

I Wasted Hours Fixing This Issue!

[Jebadia]

then my job here is done...

[AbsoluteDestiny]

Son...I run win98...it don't touch this shit..

So it's an inane post. but:

I Wasted Hours Fixing This Issue!

That will teach you to regularly download the security updates, then. The patch for it was available a month before the worm actually spread.

[Stoic]

I use a Free Firewall and a Free Virus Scanner and they both seem to be very effective against this worm.

[Warpwind]

My firewall seems to be doing a decent job as well since I haven't got the worm... but that could just be luck.

Still two of my friends got the thing and came running to me for help since I'm mildly computer literate. So I in turn ran to a friend of my brother who already had the fix and patch. At the moment I feel like a courier service

It's not that bad a virus since it doesn't do any permanent damage still someone might rewrite the code and make it into a real monster. At the moment it's just time consuming.