For all winNT/win2000/winXP users | |
Aron - Retired |
There's a new worm, which uses an exploit in WindowsNT based systems, to run code of the attacker's choice. Your computer will reboot randomly, etc. I have already seen dozens of people asking for help about this one on irc channels, so I decided to warn you all. Please follow this link for more information, and how to patch it. http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp This post was edited by Aron on Aug 12 2003 09:19pm. |
Comments |
Hardwired - Retired |
ha ha ha ha...that's true javaguy....But it wasn't like this a few weeks ago....I usually roam around 150 in ping...that I can live with...last weekend I had well over 300 and this weekend I'm in around 200... quite odd... _______________ ::Nothing wrong with a little shooting.....as long as the right people get shot:: |
JavaGuy - Student |
Weekend = more people looking at porn = more network congestion _______________ My signature is only one line. You're welcome. |
Hardwired - Retired |
chosen one: Yes I know. To clarify things..I'm a network tech, so this isn't really my first firewall.. My biggest problem is more a problem of having the cake and eating it (like it always is). I wanna keep a tight lock on my ports, but I also wanna be able to play. Been working on it all weekend and I finally found a config that I'm pleased with...I'm a little more open than before, but it's still pretty hard to exploit those openings. Btw...are there any other ppl from europe that get a higher ping on the home/classes server on the weekends? Trying to figure out if it's my isp that's giving me grief....again.... _______________ ::Nothing wrong with a little shooting.....as long as the right people get shot:: |
JavaGuy - Student |
I have no interest in moving on from e-mail. It's true that a hardware firewall won't save the stupid from their stupidity, but neither will anything else short of an act of God. I'm not going to give up something that has value for me just because some Darwin-bait bottom-feeder is going to click on every attachment he gets. _______________ My signature is only one line. You're welcome. |
DJ Sith - Jedi Council |
A hardware firewall won't save the stupid from clicking that attachment though. Seriously we need to move on from email. _______________ My car is made of Nerf. |
cHoSeN oNe - Retired |
HardWired: You need to open the specific ports for the game if you are going to run servers. There should be an admin page or utility that came with your router on how to do it. _______________ Get busy living, or get busy dying. |
Hardwired - Retired |
That's true java. The worm has to use a data port to access your computer. And if you have a tight lock on your ports you should be fine. I've been keeping an eye on my logs these last few days, and I have had a few hits that I think are a worm attack. But it also depends on what kind of extra protection the firewall is equipped with. I can't honestly stake my life on that zone alarm work...I really think it's a piece of crap....I run a d-link 604 broadband router on my machines. Only trouble I have with it is getting the games to work online... _______________ ::Nothing wrong with a little shooting.....as long as the right people get shot:: |
JavaGuy - Student |
Fate, I'm not an expert on this particular worm, but if it got through your firewall, your firewall is almost certainly configured wrong. It doesn't matter if someone sends data directly to a windows service on your computer if ZoneAlarm doesn't allow that service access to an outward-facing port. As soon as any process on your system tries to open up a server (listening) socket, ZoneAlarm pops up a dialog asking if you want to give it permission to do so. This applies equally to "native" Windows services and anything you install yourself. ZoneAlarm's default configuration for _any_ process is "thou shalt not" until you explicitly give that process permission. If it did get through ZoneAlarm, I'm curious to know what Windows service it used. Also, this doesn't relate to the latest worm, but, as a general rule, you should _not_ have Windows file and printer sharing turned on unless you have a very good reason to do so. If you do have file and printer sharing enabled, only enable it on those NICs that connect to your LAN, not the Internet. And turn off NetBEUI! _______________ My signature is only one line. You're welcome. |
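Added example (not part of any post in this thread): a short Python check for the point made above about listening sockets and file and printer sharing bindings. It parses constructed `netstat -an` output and lists TCP listeners reachable beyond the LAN; the sample addresses, the `192.168.0.0/24` LAN range, the function name and the port-to-service table are assumptions for illustration.

```python
import ipaddress

# Well-known Windows service ports (general knowledge, not taken from the thread).
SERVICE_PORTS = {
    135: "RPC endpoint mapper",
    139: "NetBIOS session (file/printer sharing)",
    445: "SMB (file/printer sharing)",
}

# Constructed sample of Windows `netstat -an` output (private/documentation addresses).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING
  TCP    192.168.0.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.0.10:1051      203.0.113.7:80         ESTABLISHED
  TCP    203.0.113.20:139       0.0.0.0:0              LISTENING
  UDP    0.0.0.0:137            *:*
"""


def exposed_listeners(netstat_text, lan_cidr="192.168.0.0/24"):
    """Return (address, port, service) for TCP listeners reachable beyond the LAN."""
    lan = ipaddress.ip_network(lan_cidr)  # assumed LAN range
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only TCP rows carry a state column; headers and UDP rows are skipped.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port_text = fields[1].rpartition(":")
        addr = ipaddress.ip_address(host.strip("[]"))  # IPv6 rows are bracketed
        # Loopback and LAN-bound listeners are not reachable from the Internet side.
        if addr.is_loopback or (not addr.is_unspecified and addr in lan):
            continue
        port = int(port_text)
        findings.append((host, port, SERVICE_PORTS.get(port, "unknown")))
    return findings


if __name__ == "__main__":
    for host, port, service in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{host}:{port} listens beyond the LAN ({service})")
```

A listener bound to `0.0.0.0` accepts connections on every interface, so it is reported even when a LAN address is also configured.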
Buzz - Student |
The problem is there is now potential for more malicious versions of this worm to be created. Things that can harm your computer rather than just attacking the windows update server. I don't think I actually got the worm but my system was crashing. People that modify this thing could be able to make it so your computer wouldn't crash when it tries to penetrate your system. And a firewall will help, you just need to make sure it's blocking the proper ports. Most of the websites talking about the worm list which ports to block. _______________ When you are going through Hell, keep going. -Sir Winston Churchill. Those who seek power and control of others, no matter the level, no matter the intentions, should never be given it. |
Aeth S'kray - Retired |
strange thing. I haven't been online the evening the "big crash" happened. I log in the next day... nothing happens. I d/l the patch like an hour after I got online and still I didn't have the worm. I've heard of somebody who closed down his firewall on purpose to test the worm and he got it after 10 seconds being online, lol. somehow... the god of computers has his protecting hand over me. yay. interesting worm btw. it opens ports. it's like somebody is opening your house door. but who will enter? and I've heard that within the worm's code there'd be a message that says "why do you allow things like that to happen? fix your software bill gates" funny. I somehow like the worm-writer, sorry _______________ Aeth S'kray *June 2002 +September 2003 |
Bubu - Hubbub |
i hate it, i used the free version for a while until i exploded. i use norton personal firewall. the full thing. so far it works nicely. _______________ make install -not war |
Jello` - Student |
Yeah it's a good firewall type program that's easy to configure and doesn't block games and it's good yeah kthxbye _______________ Brady Brothers: Orion-Greg, Furi0us-Peter, Me-Bobby. Long lost cousin to Flash. Midbie Council #007. Ex-JAK. |
Jacen Aratan - Student |
Hmm, would this ZoneAlarm (which I don't have) be good to have? As in, downloading the free trial? |
Jello` - Student |
My dad downloaded the fix a month ago when they first noticed something could be exploited, and I already have Zone Alarm _______________ Brady Brothers: Orion-Greg, Furi0us-Peter, Me-Bobby. Long lost cousin to Flash. Midbie Council #007. Ex-JAK. |
Plo Koon - Student |
oh and a fire-wall! _______________ Free Tibet! Click this link,and learn Here too |
Plo Koon - Student |
yeah I know, I hope you all have norton anti-virus protection system like me _______________ Free Tibet! Click this link,and learn Here too |
Fate - Student |
BTW, yes I did get it, and no most firewalls aren't going to save you. I run my internet connection thru two routers with built in firewalls and it still got me. And you aren't safe just because you don't open emails from random people. This one works by sending data directly to your computer through a windows service and then remotely executes the code. Scary and yet luringly creative stuff. _______________ I must not fear . Fear is the mind-killer. Fear is the little-death that brings total obliteration. I will face my fear . I will permit it to pass over me and through me. And when it has gone past I will turn the inner eye to see its path. Where the fear has gone there will be nothing. Only I will remain. Gom gom gom gom gom! |
Fate - Student |
Easy way to find out if you've got it. Restart your computer, press ctrl+alt+delete, click "Processes" and look for MSBlast.exe. If it's there end the task and go get the fix and worm remover. Should be able to find both at windowsupdate.com _______________ I must not fear . Fear is the mind-killer. Fear is the little-death that brings total obliteration. I will face my fear . I will permit it to pass over me and through me. And when it has gone past I will turn the inner eye to see its path. Where the fear has gone there will be nothing. Only I will remain. Gom gom gom gom gom! |
Bubu - Hubbub |
screw zonealarm.. i've had so much trouble with that crap. just cough up some cash and buy a good firewall. it's worth it. look at me for example, i'm worm-free! _______________ make install -not war |
JavaGuy - Student |
Anyone not using a firewall should get ZoneAlarm. Immediately. _______________ My signature is only one line. You're welcome. |
Buzz - Student |
sorry java but this time it's legit. I did have it. And I've not had problems since updating that patch. I know I had it because one of the websites talking about it displayed the exact errors I was getting. Right here it is http://www3.ca.com/virusinfo/virus.aspx?ID=36265 This is an actual issue I recommend anyone not using a firewall to get one or download the patch. _______________ When you are going through Hell, keep going. -Sir Winston Churchill. Those who seek power and control of others, no matter the level, no matter the intentions, should never be given it. |
JavaGuy - Student |
"Your computer will reboot randomly, etc..." If this happens to you, it may not be a worm. It may just be normal Windows behavior. Here's what I love about this: The worm is set to attack the windowsupdate site. Users are advised to protect ourselves by getting a patch from--drumroll please--the windowsupdate site! Oh yeah, that's a patch I'm eager to install. God only knows what it will contain. ;p _______________ My signature is only one line. You're welcome. |
Buzz - Student |
It's been around longer. They just identified it yesterday because I started to get these problems late last week. _______________ When you are going through Hell, keep going. -Sir Winston Churchill. Those who seek power and control of others, no matter the level, no matter the intentions, should never be given it. |
Acey Spadey - Student |
it only came into effect in the last 36 hours or so. and it's really travelled. I myself spent 2 hours plus time to the Microsoft Tech support fixing it up. once I found out how, it's pretty easy and takes about 30 mins to 50 mins depending on your internet connection as you have to download a file. I myself took an extra time doing it though cause I checked and updated my virus scanner and did another full system scan. and found another worm in the process. so UPDATE your virus scanners and I suggest that everyone run a full system scan. also a friend of mine was lucky and his firewall stopped it. _______________ .Lag Bro to Xanatos. Adopted Twin to Bubu. Big-Brother to SmilyKrazy ---- JATSRAD Guru, JASE Member, JA SP Mod Staff ---- The Order of the Stick -- Big thanks to Mango for my avatar -- Quote: Sometimes you've got to specifically go out of your way to get into trouble. It's called fun.
Quote: (Random hella old quote) <Fizz of Belouve> .. in sovjet russia, cereals spit at YOU!
Quote: whats the point of growing up, if your not allowed to act childish!
Padawan - Henkes
|
Buzz - Student |
Yeah I've got it, I'm trying to find it now and get rid of it _______________ When you are going through Hell, keep going. -Sir Winston Churchill. Those who seek power and control of others, no matter the level, no matter the intentions, should never be given it. |