Re: OT: RPC Service Shutdown = BLaster Worm
OK, here is a little update. It looks like it got set loose by hacking a backbone switch, and it uses a port that is usually open on firewalls.
_______________________________________________
BLaster worm continues to cause Microsoft Windows havoc
Thing continues to proliferate
By INQUIRER staff: Wednesday 13 August 2003, 10:52
NO-ONE IS entirely sure how many Windows 2000 and XP machines have been infected by the backdoor BLaster/LovScan worm since it emerged at the start of the week but estimates range in the hundreds of thousands so far.
But one senior US support technician, speaking to the INQ on terms of anonymity, said that the extent of the problem is greater than virus firms have so far estimated.
Despite being described by Symantec and other anti-virus firms as being "badly written", he told us today: "Whoever made this thing deserves a pat on the back. It completely goes around most forms of existing Windows security".
It does appear to have affected individuals and small businesses, rather than large corporations, mostly because many people are unaware of the type of things you need to do these days to protect yourself.
Not only do we have viruses and worms, machines can be affected and slowed down by spyware, by Messenger-inspired pop-ups. And then there's spam.
While Microsoft did notify that a security hole in its software should be patched on July 16th, it seems many people didn't bother to do so. The problem is that Microsoft regularly issues so many patches that inexperienced Users may not realise they need to download them.
It's not just inexperienced Users, however. Many large corporations and organisations have policies about patches, recognising that it's unrealistic to upgrade or "patch" hundreds or perhaps thousands of machines. Even large ISPs failed to patch a gaping hole exploited by SQL Slammer earlier this year, causing widespread downtime further down the line.
The technician claimed that someone had hacked a high level internet switch at Genuity, a large backbone provider in the USA.
The worm, he said, spreads using Remote Administration. Windows 2000 and Windows XP automatically accept remote administration commands from switches, routers and hubs. He claimed that his office, also located in the USA, got 12,000 calls from XP Users in California alone – an extra 40 calls per agent per shift.
The worm itself is relatively easy to destroy, once Users have figured out what the problem is. But it doesn't always show the same symptoms to the same user, meaning that it can take a while for Users to realise that it's an infection, and not just a problem with the operating system itself. µ
__________________
Think about it