Updated Security Threat: Msblast.exe

iMartin
08-12-2003, 08:41 PM
From Mess.be:

Updated: D'z warned me about this earlier on and now Symantec released a security report regarding the W32.Blaster.Worm.

This worm will exploit the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. It will attempt to download and run the file Msblast.exe.

You should block access to TCP port 4444 at the firewall level, and block the following ports, if they do not use the applications listed:

TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"

The worm also attempts to perform a Denial of Service on windowsupdate.com. This is an attempt to disable your ability to patch your computer against the DCOM RPC vulnerability.

To find out whether you're infected, press Ctrl+Alt+Del and verify if the process 'MsBlast.exe' is running. If it is, kill the process MsBlast.exe from the task manager. Next, execute regedit.exe and search for the registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Delete "windows auto update"="msblast.exe" from the right pane.

Final step: delete msblast.exe from either the Windows System and/or System32 folders.

Update #2: Do these instructions stupefy you? D'z was one of the very first to create an auto-cleaner for this worm, and now Symantec released a removal tool.

[Detailed removal instructions: Symantec.com]
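The manual check above (process, Run value, dropped file) and the recommended port blocks, as an added PowerShell example; this is not code from the thread, from Mess.be or from Symantec. It assumes Windows PowerShell 5.1 or later, an elevated prompt, and the NetSecurity module (Windows 8/Server 2012 and later) for the optional firewall rules. It only reports unless -BlockPorts is given.

```powershell
# Added example (not from the thread or Symantec): looks for the three Blaster
# indicators named in the post and optionally adds the inbound firewall blocks
# the post recommends. Read-only unless -BlockPorts is supplied.
param(
    [switch]$BlockPorts
)

$findings = @()

# 1. Running process named msblast.exe (the Task Manager check from the post)
$proc = Get-Process -Name 'msblast' -ErrorAction SilentlyContinue
if ($proc) {
    $findings += "process msblast.exe running (PID $($proc.Id -join ', '))"
}

# 2. Persistence value "windows auto update" = msblast.exe under the Run key
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValues = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($runValues -and $runValues.PSObject.Properties['windows auto update']) {
    $findings += "Run value 'windows auto update' = $($runValues.'windows auto update')"
}

# 3. msblast.exe dropped in the Windows System or System32 folder
$windir = $env:SystemRoot
foreach ($dir in @("$windir\System", "$windir\System32")) {
    $candidate = Join-Path $dir 'msblast.exe'
    if (Test-Path -LiteralPath $candidate) {
        $findings += "file present: $candidate"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Blaster indicators found.'
} else {
    Write-Output 'Blaster indicators found:'
    $findings | ForEach-Object { Write-Output "  - $_" }
    Write-Output 'Kill the process, remove the Run value, delete the file, then apply MS03-026.'
}

# Optional: the port blocks from the post, as inbound Windows Firewall rules.
# Rule names are made up here; the ports are the ones the post lists.
if ($BlockPorts) {
    $rules = @(
        @{ Name = 'Block Blaster TCP 4444'; Protocol = 'TCP'; Port = 4444 },
        @{ Name = 'Block DCOM RPC TCP 135'; Protocol = 'TCP'; Port = 135 },
        @{ Name = 'Block TFTP UDP 69';      Protocol = 'UDP'; Port = 69 }
    )
    foreach ($r in $rules) {
        if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Block `
                -Protocol $r.Protocol -LocalPort $r.Port | Out-Null
            Write-Output "added firewall rule: $($r.Name)"
        }
    }
}
```

Run it once without switches to get the report; run it as `.\check-blaster.ps1 -BlockPorts` to add the rules. Note the post's own caveat: blocking TCP 135 inbound also stops legitimate DCOM/RPC clients (domain and management traffic) from reaching the host, so on anything other than a standalone workstation the block belongs on the perimeter firewall rather than on the machine.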

MetroStars
08-12-2003, 09:05 PM
nice tip ;)

chris9902
08-12-2003, 10:22 PM
i found this

http://asia.reuters.com/newsArticle.jhtml?type=technologyNews&storyID=3266448

iMartin
08-13-2003, 12:03 AM
"...which specifically targets computers running Windows XP and Windows 2000"

Well, I guess I'm safe. :D

Adster
08-13-2003, 01:09 AM
Yes, well, I tried that but it didn't work ;)

So I formatted and fluked upgrading the patch before it got me a 4th time :angry:

Rip The Jacker
08-13-2003, 01:20 AM
Originally posted by [-Crono-]@12 August 2003 - 16:03

"...which specifically targets computers running Windows XP and Windows 2000" Well, I guess I'm safe. :D
I have Win2000. Everything is working great here, no probs. :)

Adster
08-13-2003, 01:23 AM
Yeah, it seems to affect XP users more.

chris9902
08-13-2003, 04:33 PM
It affects all Windows systems, not Linux or Mac.

Supernode
08-13-2003, 05:02 PM
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp

-Archwolf-
08-13-2003, 05:06 PM
OK, I have 2 questions: how did everyone get it, and I downloaded the program from Microsoft, is that enough to keep me safe? I'm running XP Pro.

Spindulik
08-13-2003, 06:57 PM
Here's an easy way to remove that worm!

W32.Blaster.Worm Removal Tool (http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html)

If you don't (or do) have Norton AntiVirus installed, this free program will fix the problem for you.

XP users, carefully read the instructions. You'll need to temporarily disable Windows Restore.

Once the problem is fixed, even if you don't have the worm, the Norton program will direct you to the exact Microsoft web page for the free MS patch to download.

Cl1mh4224rd
08-14-2003, 08:48 AM
Originally posted by [-Crono-]@12 August 2003 - 21:41
The worm also attempts to perform a Denial of Service on windowsupdate.com. This is an attempt to disable your ability to patch your computer against the DCOM RPC vulnerability.
I guess no one told the idiot author that trying to DoS any Microsoft site is pretty much useless. MS' servers are sitting on a pipe the size of Kansas, especially the Windows Update servers.

chris9902
08-14-2003, 11:01 AM
lol.

You don't know how big it is until someone says something like that :rolleyes:

Keikan
08-14-2003, 11:04 AM
*sigh* The Windows NT code is so troublesome :( but I don't want to go back to 9x code. Maybe Billy Gates SHOULD stop making money and fix its NT code.

DrSpud
08-14-2003, 03:59 PM
Originally posted by Cl1mh4224rd@14 August 2003 - 04:48
I guess no one told the idiot author that trying to DoS any Microsoft site is pretty much useless. MS' servers are sitting on a pipe the size of Kansas, especially the Windows Update servers.
Well, when 300,000 people are doing the attack with all of their available bandwidth, it might not be as useless as you think. However, since MS knows about the attack, they could easily change the domain to point to 127.0.0.1, completely avoiding the attacks.

J'Pol
08-14-2003, 05:00 PM
This does not affect every Windows user. It is only XP, NT, 2000 and 2003 Server. It exploits the hole that MS admitted to on 16th July this year.

The reason everyone knows about it is that it is badly written. The XP systems realise that something is happening and they shut down for security. That way people know something is wrong and they look into it.

Had it been written better it would be more widely spread and the attack planned for the 16th would have been much more brutal.

It is easily fixed. Loads of people have released tools to do it. Try the Symantec site for an easy fix.

The main problem with XP is that it comes with the Firewall switched OFF by default and Universal Plug and Play switched ON.

I have said this many times before. Go to

www.grc.com

and get your ports checked. Also get UPnP closed and port 135 checked.

Just run the Shields Up tests.
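A local version of the "get your ports checked" advice above, as an added PowerShell example (not code from the thread or from grc.com): it reports the firewall state per profile, the UPnP-related services, and anything listening on port 135 or the UPnP ports. It assumes Windows 8/Server 2012 or later for the NetSecurity and NetTCPIP cmdlets and an elevated prompt so owning process names resolve. Which UPnP ports to look for is an assumption on my part: SSDP discovery on UDP 1900 and the UPnP Device Host on TCP 2869 (TCP 5000 on the original XP release).

```powershell
# Added example (not from the thread or grc.com): a local exposure check for
# the items the post names: firewall on, UPnP off, port 135 accounted for.

# 1. Is the Windows Firewall enabled for every profile, and does it block inbound by default?
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction |
    Format-Table -AutoSize

# 2. Are the UPnP-related services (SSDP Discovery, UPnP Device Host) running?
Get-Service -Name SSDPSRV, upnphost -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType |
    Format-Table -AutoSize

# 3. Which process owns the listeners on 135 (RPC endpoint mapper) and the UPnP ports?
#    Port choice is an assumption: 2869 on current Windows, 5000 on the original XP.
$tcpPorts = 135, 2869, 5000
$listeners = @()

$listeners += Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $tcpPorts -contains $_.LocalPort } |
    ForEach-Object {
        $owner = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        [pscustomobject]@{ Proto = 'TCP'; Port = $_.LocalPort; Address = $_.LocalAddress; Process = $owner }
    }

$listeners += Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -eq 1900 } |
    ForEach-Object {
        $owner = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        [pscustomobject]@{ Proto = 'UDP'; Port = $_.LocalPort; Address = $_.LocalAddress; Process = $owner }
    }

if ($listeners.Count -eq 0) {
    Write-Output 'Nothing listening on 135 or the UPnP ports.'
} else {
    $listeners | Format-Table -AutoSize
}
```

Expect TCP 135 to show up owned by svchost (the RpcSs endpoint mapper) on every Windows box; the question is not whether it listens but whether it is reachable from the Internet, which step 1 answers locally and the Shields Up test answers from the outside. A listener on UDP 1900 or the Device Host port with the services in step 2 running means UPnP is still on.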

Cl1mh4224rd
08-14-2003, 07:46 PM
Well, when 300,000 people are doing the attack with all of their available bandwidth, it might not be as useless as you think.
Ehh... I'd be very surprised if the WU servers actually went down, regardless. Those servers probably deal with millions of downloads a day, without flinching.