CDROM-Guide forums

Go Back   CDROM-Guide forums > Main Forums > Open to All Computer Related Topics > Computer Networking & Security
FAQ Calendar Mark Forums Read
Open   CSec   Data   DevDrv   CoOp   Audio   CDRW   CDG   VCD   DVD   HD DVD   Mac   VGB   PS2   DC   Xbox  


 
 
Thread Tools Display Modes
  #1  
Old Aug 11, 2003, 08:52 PM
slimsha3y slimsha3y is offline
Veteran
 
Join Date: Jun 2002
Posts: 558
Thumbs down New Virus: Important !

sponsored links

 
theres a new Virus going around that shuts down your pc...

link for microsoft patch (this will stop it): ***********.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp

--

This RPC DCOM worm started spreading early afternoon EDT (evening UTC). At this point, it is spreading rapidly.

more info on: ********isc.sans.org/diary.html?date=2003-08-11



just thought i would let you know




Tom
  #2  
Old Aug 12, 2003, 12:05 AM
Darkman Darkman is offline
suspended
 
Join Date: Aug 2000
Location: Australia
Posts: 6,424
Default

Actually is causes the infected PC to restart not shut down and it launches an attack against windowsupdate.com the microsoft update site.


There's nothing new here, it just reinforces the message to use a little common sense when checking your emails, if it doesn't look right then delete it without opening. When was the last time that an email sent to you out of the blue made a greate positive impact on your life? - never right? so turn up the paranoid-meter a notch and blow away those "Hi I've been waiting for you all my life and want to bear your children" emails without reading them.
  #3  
Old Aug 12, 2003, 03:20 AM
gooner gooner is offline
Veteran
 
Join Date: Jan 2002
Location: London, UK
Posts: 1,795
Default

***********.cdrom-guide.com/forums/showthread.php?threadid=254055 FYI
  #4  
Old Aug 12, 2003, 03:33 AM
jerkwheat jerkwheat is offline
Member
 
Join Date: Mar 2003
Posts: 198
Default

Quote:
[i]Originally posted by Darkman [/i]
[B]Actually is causes the infected PC to restart not shut down and it launches an attack against windowsupdate.com the microsoft update site.


There's nothing new here, it just reinforces the message to use a little common sense when checking your emails, if it doesn't look right then delete it without opening. When was the last time that an email sent to you out of the blue made a greate positive impact on your life? - never right? so turn up the paranoid-meter a notch and blow away those "Hi I've been waiting for you all my life and want to bear your children" emails without reading them. [/B]
hahaha, nice
  #5  
Old Aug 12, 2003, 07:49 AM
copyright copyright is offline
Veteran
 
Join Date: May 2003
Posts: 693
Default

It not a virus, its more like a worn [its a variation of a exploit]. This is how the original explit works. You scan an ip range, or a single ip for port 135, it has to be open, then it trys overflowing its buffer [yes i know worded strangly]. If it succeded it drops you into the system shell. Were you gain acess to the comp through DOS, you can do whatever you want, delete/upload/download and even format the computer if you are proficent in dos and in the "net" command. Even though the RPC service runs on port 135, you gain access to the comp through port 4444 as a default, so if you think your being hacked, run a netstat, but if the attacker will smart he will use another widly available tool and select a different port. You can even start and run a ftp server on thier comp. Now, what alot of script kiddies use is add a remote adminstration account and log in, when you do that the victim is loged out and the script kiddie is loged on, they have to do whatever they want pretty quickly before the victim logs back in. And this is were the whole computer shut down effect plays in. This curropts the RPC Serivce, were as the DOS access does not. The RPC service Is a vitial windows service causing windows to shut down, but the automatic shut down can be canceled by going into start, run and entering in "shutdown.exe -a". At which that time you should go and download the patch. This is the biggest hole in windows, afftecting w2k-2k3[server] systems. What the worn does is automate this task, and lets anyone log into their system. And a DDOS atack will be laucnhed on windowsupate.com on the 16 from all infected computers.

I feel that im going to have a sudden influx of e-mails from script kiddies after this article...

1337

Last edited by copyright; Aug 12, 2003 at 08:01 AM.
  #6  
Old Aug 12, 2003, 08:47 AM
slimsha3y slimsha3y is offline
Veteran
 
Join Date: Jun 2002
Posts: 558
Default

well i dont know much about it, i was just trying to help
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
<<<<<<<<<Novarg Virus - Read In>>>>>>>>>> gooner Open to All Computer Related Topics 4 Jan 27, 2004 08:37 PM
Virus Alert ! VLC Open to All Computer Related Topics 25 Nov 13, 2003 07:45 AM
The Dangers of Virus Writing/Hacking Combined Charm Computer Networking & Security 0 Nov 03, 2003 11:06 PM
Virus Warning Look In GASPOWEREDPORCHMONKEY Open to All Computer Related Topics 5 Mar 04, 2003 05:56 PM
any one know about this virus ?? spinna Computer Networking & Security 3 Sep 29, 2002 01:17 PM


All times are GMT -5. The time now is 01:57 AM.



Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Copyright © 1996-2009 CDROM-Guide.com. All rights reserved