Maybe not really related, but:

FEATURED TIP

RPC/BLASTER WORM SCHEDULED TO ATTACK WINDOWSUPDATE.COM AUGUST 16TH

A new worm started spreading late Monday evening (UTC), exploiting the Windows DCOM RPC vulnerability that was reported by the U.S. Department of Homeland Security National Infrastructure Protection Center and Microsoft on July 24. (Information on this vulnerability also appeared in the last edition of this newsletter.) As I write this, the virus is behaving benignly, but that could change at any time.

The virus is spreading rapidly, but not as rapidly as it might have if Microsoft hadn't strenuously notified users of the need to install patches protecting against it. Many Microsoft customers have reported e-mails, phone calls, and faxes from their sales reps encouraging them to patch the exposure.

Called the W32.Blaster worm because of the blaster.exe program it runs on infected machines to spread itself to other systems, the virus has caused a 500 percent increase in Internet-wide traffic on ports 135-139, 445, and 593. (See the graphs at the Internet Storm Center, http://isc.sans.org/images/port135percent.png .) Other names include W32/Lovsan.worm, WORM_MSBLAST.A, Win32.Posa.Worm, MSBLASTER, and Win32.Poza.

Analysis of the worm reveals that it appears to be scheduled to launch a denial of service attack against Microsoft's Windows update site, WindowsUpdate.com, on August 16.

Microsoft offers a patch and a workaround. However, the workaround involves ISPs blocking certain TCP/IP ports permanently, which does not make it a very practical fix. The patch is less drastic, but you must download and install a different patch for each version of Windows.

If your machine has already been infected with W32.Blaster, Symantec has a removal tool available for download:

http://www.sarc.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

However, you should be aware that Microsoft recommends completely re-installing the system from scratch on compromised machines because the virus could plant a variety of back doors that are unknown at this time.

The original NIPC bulletin is online at http://www.nipc.gov/warnings/advisories/2003/Potential72403.htm . You should also read Microsoft's security bulletin, which includes a link to patches for each version of Windows:

http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

******************************************************************

HTH
Marco
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].