OT: RPC Service Shutdown = BLaster Worm

[cybersol]

Quote:

Originally posted by Suicide Junkie:
A firewall or router would have protected you, as well.

Or, just NOT having windows NT/2000/XP installed would work too.

If the firewall had the following features active before initial infection then it would offer good protection:

Quote:

From the symantec site:
Block access to TCP port 4444 at the firewall level, and then block the following ports, if they do not use the applications listed:

TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"

Obviously, if the firewall did not protect those ports then it wouldn't help. Also if the virus was introduced behind the firewall (wired laptop for instance) then the firewall wouldn't help. Finally, because of the future threat of copycat worms it is best to run the Microsoft security update that Thermodyne and I gave links to in order to close this particular buffer overun issue for good.

I for one am glad the end result of this worm is just rebooting (though that was very annoying at the time) and denial of service attacks. Only HD change was a single additional file and registry entry.

Also note that 2000 Users could have this worm and under default OS settings they would not have the constant re-booting behaivor that happens on XP. Updating your virus definitions and microsoft patches just in case could not hurt

[ August 13, 2003, 09:15: Message edited by: cybersol ]