
W32.Blaster.Worm, Who Got it?


Comments

  • Registered Users, Registered Users 2 Posts: 2,742 ✭✭✭yankinlk


    Originally posted by Carnate
    Almost a Good point!

    But if you have a "PAID FOR" antivirus program you dont have these problems.


    Not one of my customers was infected by this virii - all of them are on a paid for version of norton set to update automatically. (Except the one eejit who didnt have it on his home pc - he got it- and now he does have av paid for)


  • Registered Users, Registered Users 2 Posts: 166,026 ✭✭✭✭LegacyUser


    Originally posted by Carnate
    Almost a Good point!

    But if you have a "PAID FOR" antivirus program you dont have these problems.

    As to the comment that files like "Mblast have no user intervention" is sadly untrue, all viruses "need" user intervention of some form for them to spread and not all users are technically minded, believe me after years of supporting them, I can say this with confidence. But that said every new virus/trojan/worm gets harder and harder to detect. Easy rule of thumb is have a good virus checker running and have it using heuristics, and always have a firewall whatever your connection speed.

    Msblast needs no user intervention, it's totally automated, unless turning on your computer counts as user intervention. As for running a virus scanner, you need a decent pc to run it in real time, scan on access can have a big performance hit on older machines so it's not always possible, especially in a work environment where for a lot of companies a p1 is still good for another two years cause it'll run word 97


  • Registered Users, Registered Users 2 Posts: 11,987 ✭✭✭✭zAbbo


    Originally posted by Webmonkey

    As for anti virus - viruses will always be one step ahead but still worth having anti virus installed :)


    Hmm not so, worms and other virii have certain characteristics that alert up to date AV software.

    Just turn heuristics on!


  • Registered Users, Registered Users 2 Posts: 379 ✭✭Carnate


    Originally posted by bananayoghurt
    Msblast needs no user intervention, it's totally automated, unless turning on your computer counts as user intervention. As for running a virus scanner, you need a decent pc to run it in real time, scan on access can have a big performance hit on older machines so it's not always possible, especially in a work environment where for a lot of companies a p1 is still good for another two years cause it'll run word 97

    Whatever, my meagre experience is tiny compared to yours so I bow to the Vastness of your Knowledge.(sic)

    Also as i stated b4 a "PAID FOR" Antivirus program WILL protect you as long as the definitions are ALL up to date and u have Heuristics running as well.

    http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

    Also Bananay read above. And please before you put foot in mouth THINK pls. I would love to know what companies are using Pentium 1 pc's. ROFL.. Also as to your comment that you need a high end spec Machine to run a "good AntiVirus program" is utter ****e!

    Simple Advice, If yah dont Know Dont type!


  • Registered Users, Registered Users 2 Posts: 11,987 ✭✭✭✭zAbbo


    Originally posted by Carnate

    I would love to know what companies are using Pentium 1 pc's. ROFL.. Also as to your comment that you need a high end spec Machine to run a "good AntiVirus program" is utter ****e!

    Simple Advice, If yah dont Know Dont type!

    hmm we have around 4-5 machines here running 75mhz p1`s, stable machines, the trick is to have decent av/recovery system on ur server/proxy coupled with a decent firewall(hardware).


  • Registered Users, Registered Users 2 Posts: 166,026 ✭✭✭✭LegacyUser


    Originally posted by Carnate


    http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

    Also Bananay read above. And please before you put foot in mouth THINK pls. I would love to know what companies are using Pentium 1 pc's. ROFL.. Also as to your comment that you need a high end spec Machine to run a "good AntiVirus program" is utter ****e!

    Simple Advice, If yah dont Know Dont type!

    Read above for what exactly ?
    There are about 6000 machines where I'm working and at least 300 are p1's
    I've personally gone out to users where the machine has been painfully slow, 2 minutes to open adobe reader for god sake, and the reason was virus scanners scanning all files on access, it totally crippled them !!, I didn't say you need a high end spec machine to run a virus scanner, i said you need a decent one if you are going to be running real time scanning on all file access and I stand by that, decent being at least a p3 500.


  • Registered Users, Registered Users 2 Posts: 4,471 ✭✭✭elexes


    dell, ibm, hp, intel use a lot of p1 systems - reason: it works, the software works, why bother spending to barely improve something that works perfectly.

    easons used p1's up to last year. most of the national lotto machines were old 486's afaik. they're now replaced with some cyrix chips i think, or maybe it's k6's.

    dunnes use p1's in their store for their older registers. hmmm, a lot of accountants and lawyers use p1 systems.

    oh, nasa use 486's in their shuttles. hmmm, know there's other companies that use them, just can't think of who atm.

    old p1 systems tho slow are still alive and well and doing a damn good job with win 95/3.1 on them. remember being in college and the win 3.1 systems on the network never gave bother but the win nt computers were **** to use

    also this virus was Discovered on: August 11, 2003 and an anti virus live update released later that day but wasn't it infecting ppl on the 10th?


  • Moderators, Music Moderators, Recreation & Hobbies Moderators Posts: 9,389 Mod ✭✭✭✭Lenny


    Hearing a lot about this virus on lots of forums,
    haven't noticed anything on my pc, and connected to the net 24/7, but have norton firewall running though.


  • Closed Accounts Posts: 15,552 ✭✭✭✭GuanYin


    I noticed scvhost.exe crashing two days ago yesterday and took the appropriate measures when I figured out what was going on.

    I contacted the computer services dept here and informed them what was happening, mailed the details on how to sort it and pointed out that you needed service packs up to date etc etc.

    the next day they had told everyone that it was "a virus infecting their computer" (it isn't) then corrected it to being infected with a worm (for the most part, people aren't infected, it's the attack on svchost that's causing them problems).

    As a result I'm spending most of the day with people telling me that the computer services fix isn't working (as they have the fix for those infected, not those experiencing svchost issues which is more common). As a result I'm inclined to believe that the IDIOTS in CS here got their qualifications in christmas crackers or something.

    </rant>


  • Registered Users, Registered Users 2 Posts: 4,471 ✭✭✭elexes


    Originally posted by sykeirl
    I noticed scvhost.exe crashing two days ago yesterday and took the appropriate measures when I figured out what was going on......

    (as they have the fix for those infected, not those experiencing svchost issues which is more common).
    </rant>

    just wondering. I'm experiencing some problems with a till system I'm working on that's running win 2k without any service packs and scvhost.exe keeps crashing when certain programs are run.

    I've looked for this worm or a sign of it but can't find it. what have you been doing to fix the problem as it may be the same as the problem I'm experiencing


  • Closed Accounts Posts: 15,552 ✭✭✭✭GuanYin


    Download the service pack (you need at least service pack 2 to run the patches) and the security updates from windowsupdate.microsoft.com

    That will stop the svchost crashes.

    Check then that you don't have a file called msblast.exe running (ctrl+alt+del and then look at processes).

    If you don't you're ok and not infected.

    If you do then go to the symantec website and get the blaster remove tool.
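
The order of checks in the post above, as an added example that is not part of the original thread. It assumes the process list is captured as text with `tasklist /FO CSV` rather than read from Task Manager; the sample output is constructed, and the function names and status labels are hypothetical.

```python
import csv
import io

WORM_IMAGE = "msblast.exe"  # process name given in the post above

# Constructed sample of `tasklist /FO CSV` output; not taken from a real host.
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Console","0","16 K"
"svchost.exe","812","Console","0","3,420 K"
"MSBLAST.EXE","1440","Console","0","1,204 K"
"explorer.exe","1512","Console","0","14,880 K"
'''


def running_images(tasklist_csv):
    """Map lower-cased image name -> list of PIDs from tasklist CSV text."""
    images = {}
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        # Windows file names are case-insensitive, so compare in lower case.
        name = (row.get("Image Name") or "").strip().lower()
        pid = (row.get("PID") or "").strip()
        if name and pid.isdigit():
            images.setdefault(name, []).append(int(pid))
    return images


def triage(tasklist_csv, svchost_crashing, patched):
    """Return (status, next_step) following the order of checks in the post.

    The status labels are hypothetical names chosen for this example.
    """
    worm_pids = running_images(tasklist_csv).get(WORM_IMAGE, [])
    if worm_pids:
        # Worm process is running: infected. Patch first, as the post does.
        step = "install service pack and security updates, then run the removal tool"
        return "infected", step
    if not patched:
        # No worm process, but the host is still open to the attack.
        status = "attacked-not-infected" if svchost_crashing else "exposed"
        return status, "install service pack and security updates"
    return "clean", "no action needed"


if __name__ == "__main__":
    print(triage(SAMPLE_TASKLIST, svchost_crashing=True, patched=False))
```

The "attacked-not-infected" result is the case described earlier in the thread, where svchost crashes on an unpatched machine but no msblast.exe process is running.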


  • Registered Users, Registered Users 2 Posts: 696 ✭✭✭Kevok


    Is this the first worm/virus that could propagate itself across the internet without the use of an SMTP engine? If so, does that not leave Microsoft in massive trouble for allowing such a massive security flaw go unannounced. A fix was made available yes, but that's about it, no press release, no media bulletins. It was just a matter of time.

    In the last hour I've been hit on port 135 67 times. I can't be infected because of my setup but with an exposed computer I'd be hard pressed to keep it out.


  • Closed Accounts Posts: 15,552 ✭✭✭✭GuanYin


    It's a piece of genius.

    It's as close to a biological parasite in terms of spread as can be achieved in the wild.

    That said, it seems it's been poorly coded and that with several modifications could have been a whole lot worse.


  • Registered Users, Registered Users 2 Posts: 4,457 ✭✭✭Gerry


    Originally posted by Carnate

    I would love to know what companies are using Pentium 1 pc's. ROFL.. Also as to your comment that you need a high end spec Machine to run a "good AntiVirus program" is utter ****e!

    Simple Advice, If yah dont Know Dont type!

    Might want to take some of your own advice there. Plenty of smaller companies would use p1's, I've seen plenty of stock control systems running on 486's and p1's. If it works...
    A 486 33 with 16mb ram runs the firewall for our networking society in college, mind you it's not running windows. Still though, windows 95/98 is happy enough with 32 - 64mb ram, you can run nt4 if you want also. Main thing on old p1 machines is the really slow hard drives, if you replace it with a newer, faster model you get a good speed boost.


  • Registered Users, Registered Users 2 Posts: 379 ✭✭Carnate


    Originally posted by Gerry
    Might want to take some of your own advice there. Plenty of smaller companies would use p1's, I've seen plenty of stock control systems running on 486's and p1's. If it works...
    A 486 33 with 16mb ram runs the firewall for our networking society in college, mind you it's not running windows. Still though, windows 95/98 is happy enough with 32 - 64mb ram, you can run nt4 if you want also. Main thing on old p1 machines is the really slow hard drives, if you replace it with a newer, faster model you get a good speed boost.

    Sry Gerry but ever seen a stock control pc with a virus? and a 486 firewall get infected?

    and also this worm only infects Win me and NT based Operating systems. :P

    Also i fail to see what a new hard drive has to do with the MBlast.exe worm.

    :)


  • Registered Users, Registered Users 2 Posts: 20,553 ✭✭✭✭Dempsey


    Originally posted by Kevok
    Is this the first worm/virus that could propagate itself across the internet without the use of an SMTP engine? If so, does that not leave Microsoft in massive trouble for allowing such a massive security flaw go unannounced. A fix was made available yes, but that's about it, no press release, no media bulletins. It was just a matter of time.

    I heard about the flaw on 2fm about a month ago. I got that patch on the 25th of JULY. The virus was discovered on the 11th of August. Microsoft gave it "Maximum Severity Rating: Critical ". Dunno about press releases but there were media bulletins (only heard it on radio though, haven't read any newspapers in two months). But it was put strongly by Gareth O'Callaghan that was a severe flaw in the Microsoft operating systems (be it only 2000 and XP).
    Also i fail to see what a new hard drive has to do with the MBlast.exe worm.

    It doesn't have anything to do with it. He was just pointing out that a P1 system still has a bit of speed in it for some applications and a newer hard disk would give a better system performance.


  • Registered Users, Registered Users 2 Posts: 166,026 ✭✭✭✭LegacyUser


    Originally posted by Carnate
    Sry Gerry but ever seen a stock control pc with a virus? and a 486 firewall get infected?

    and also this worm only infects Win me and NT based Operating systems. :P

    Also i fail to see what a new hard drive has to do with the MBlast.exe worm.

    :)

    "this Worm" what about all the rest, think you were originally rolling around the floor laughing about how no companies use p1 systems, they do, end of story, ignorance is bliss


  • Registered Users, Registered Users 2 Posts: 379 ✭✭Carnate


    Dude try and keep up with your posts pls..

    And ure right u being ignorant is blissful to me!

    :)


  • Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    Originally posted by bazH
    Hmm not so, worms and other virii have certain characteristics that alert up to date AV software.

    Just turn heuristics on!

    I know this but viruses will always have the step ahead, they can come up with new characteristics to make them unknown to the AV software


  • Registered Users, Registered Users 2 Posts: 379 ✭✭Carnate


    A reminder the "Worm" only infects NT based OS's, and i know that a pent 1 no matter how powerful , wont run a NT based OS.

    Correct me if im wrong..

    This does not include u Bananay!

    As i have known Gerry a long time, i respect his views!


  • Registered Users, Registered Users 2 Posts: 4,457 ✭✭✭Gerry


    Ok, well my view was given in response to you saying you couldn't believe how some companies were still using p1 systems. I was just saying that they aren't actually too bad, and that with a newer hard drive, they work quite ok. I think you must have forgotten about that part of your post :) Correct, the 486 didn't get infected, it runs freebsd. Point was that it is still useful :)


  • Registered Users, Registered Users 2 Posts: 166,026 ✭✭✭✭LegacyUser


    Originally posted by Carnate
    i know that a pent 1 no matter how powerful , wont run a NT based OS.

    Correct me if im wrong..

    ROFLMAO
    a pentium1 will run windows XP, windows 2000, NT4 and NT3.5

    I used to run windows 2000 server on a p1 233 and it wasn't a dog, nt4 & NT3.5 workstation will run quite well on a p1 with sufficient ram,


  • Registered Users, Registered Users 2 Posts: 2,912 ✭✭✭Washout


    the patch for this vulnerability was released 4 months ago.

    its amazing how many ppl dont at least download the microsoft security patches


  • Registered Users, Registered Users 2 Posts: 1,472 ✭✭✭echomadman


    its amazing how many ppl dont at least download the microsoft security patches
    Its amazing how many people are on crappy €ircon dialup accounts in this country too,
    try downloading all Microsofts "critical" patches @<28k, then download the patches for the patches, and the critical updates for those patches......

    this worm targets home users who are for the most part blithely ignorant of the hows and whys of computer security.


  • Registered Users, Registered Users 2 Posts: 11,987 ✭✭✭✭zAbbo


    Originally posted by Webmonkey
    I know this but viruses will always have the step ahead, they can come up with new characteristics to make them unknown to the AV software

    You know them personally, tbh only the weak get infected, patch your system up, use a firewall etc, have up to date AV software.

    Like for instance, here on this 50 user network, one machine checks for updates off the net twice a day, all other machines connect to this AV local machine to request updates.

    Unfortunately our main email server got infected, but heuristics picked it up as an unknown virus, and quarantined it. I ran the removal and bingo bango, we're clean.

    Do you drink JOLT cola, webmonkey


  • Registered Users, Registered Users 2 Posts: 4,471 ✭✭✭elexes


    Originally posted by bananayoghurt
    ROFLMAO
    a pentium1 will run windows XP, windows 2000, NT4 and NT3.5

    I used to run windows 2000 server on a p1 233 and it wasn't a dog, nt4 & NT3.5 workstation will run quite well on a p1 with sufficient ram,

    I remember them days


  • Registered Users, Registered Users 2 Posts: 2,912 ✭✭✭Washout


    Originally posted by echomadman
    Its amazing how many people are on crappy €ircon dialup accounts in this country too,
    try downloading all Microsofts "critical" patches @<28k, then download the patches for the patches, and the critical updates for those patches......

    this worm targets home users who are for the most part blithely ignorant of the hows and whys of computer security.

    I agree with you totally about home users but what about all the users who were infected working for businesses who have good connections.

    I work for a major IT corporation and today is Friday and we still can't access all our domains because at least 80% of computers got affected and IC have put in place restriction of access till the whole network is clean.

    We have 2 4 megabit lines in here so that's what amazes me that ppl don't update their os's.


  • Registered Users, Registered Users 2 Posts: 414 ✭✭Paddyo


    Hi

    People who are concerned with keeping up to date with computer advisories, such as the one regarding this vulnerability, can register with http://www.cert.org and receive advisories by mail.

    Regards
    Paddyo


  • Closed Accounts Posts: 151 ✭✭Ro


    Originally posted by eth0_
    BTW did you know the worm had a payload, a ddos against the windows update site on the 16th of August, so everyone infected would have been hammering the windows update site!

    Microsoft have just moved www.microsoft.com and windowsupdate.microsoft.com onto Akamai's Edge Servers. I doubt that worm will have much of an effect on them now.


  • Registered Users, Registered Users 2 Posts: 20,553 ✭✭✭✭Dempsey


    Originally posted by Washout
    the patch for this vulnerability was released 4 months ago.

    its amazing how many ppl dont at least download the microsoft security patches

    The patch was first released on the 16th of July.

