Author Topic: RPC worm  (Read 2423 times)

jasonlane

  • Member
  • **
  • Posts: 743
  • Kudos: 0
    • http://www.root10.net
RPC worm
« on: 12 August 2003, 15:52 »
web page

Seems to have bitten M$ up the ar$e as well. I'll check on netcraft latter but Vole central was down today at 12:00 GMT
The MES Anti-Prude Force
*******
"I don

Stryker

  • VIP
  • Member
  • ***
  • Posts: 1,258
  • Kudos: 41
RPC worm
« Reply #1 on: 12 August 2003, 16:30 »
my xp machine got that today too. i only noticed because the rpc service kept shutting down, and it wanted to reboot. shutdown -a every time i boot is very annoying.

oh well, i never use that machine anyways.

M51DPS

  • VIP
  • Member
  • ***
  • Posts: 608
  • Kudos: 30
RPC worm
« Reply #2 on: 12 August 2003, 19:29 »
quote:
Originally posted by Stryker:
my xp machine got that today too. i only noticed because the rpc service kept shutting down, and it wanted to reboot. shutdown -a every time i boot is very annoying.

oh well, i never use that machine anyways.



Just make sure it's on during the 16th of August.

Kupotek

  • Member
  • **
  • Posts: 74
  • Kudos: 0
    • http://kupotek.dyndns.org
RPC worm
« Reply #3 on: 12 August 2003, 23:00 »
Turn on your firewall, also look up the tool removal for  msblast.exe on symantec.com, and run that.  Getting online without a firewall is  stupid anyways.
"The only thing that is impossible is the possibility of impossibility" KittySafe Ntwrk.

jasonlane

  • Member
  • **
  • Posts: 743
  • Kudos: 0
    • http://www.root10.net
RPC worm
« Reply #4 on: 12 August 2003, 23:11 »
Don't remove MSBLAST.EXE until after the 16th, surely???   :D      :D  

Infact I have an XPee laptop here, rarely running, that I just may well connect to the internet....It's sure to catch some sort of virus.

[ August 12, 2003: Message edited by: Zardoz ]

The MES Anti-Prude Force
*******
"I don

M51DPS

  • VIP
  • Member
  • ***
  • Posts: 608
  • Kudos: 30
RPC worm
« Reply #5 on: 13 August 2003, 05:51 »
According to this article the worm contains the message, "Billy Gates why do you make this possible? Stop making money and fix your software!!". Think they got it yet?

Faust

  • Member
  • **
  • Posts: 1,223
  • Kudos: 0
RPC worm
« Reply #6 on: 13 August 2003, 06:00 »
quote:

Said Hyponnen: "On the 16th of August, the worm will start a distributed denial of service attack against the windowsupdate.com server".


Good thing: Microsoft gets hit badly.
Bad thing: Due to worm traffic on my local network I'm getting bad ping times in games.  :(  [sob]

And yeah, if you leave samba open to the www you deserve to get hit but this isn't the underlying problem - the problem is that Microsoft security is crap.  By *default* a fresh install of XP will leave "shared folders" network writable which leaves you open as all hell to nimda etcetera.  Not to mention the speed with which other worms can crack samba passwords.  ;)

Oh and by the way for those of us on permanent LANs (me) and running Windows (not me    ) using a firewall when connecting to the internet wont help.  Because samba will be open to the local network (this is after all what it's intended purpose is) all it takes is for *one* person on a Windows users subnet (could even be on the same subnet your ISP just gave you) and you can quite easily be infected.  A firewall is useless, the only "safety" available is to turn off samba or password it.  Which off course makes samba completely useless for anonymous file sharing as well. :)
(Even then most samba passwords can be cracked quickly.  Especially if you have XP home and havent booted up in safe mode to give the "administrator" account a password.)

Unpassworded admin accounts by default.  Good work Bill you dumb fuck.
Yesterday it worked
Today it is not working
Windows is like that
 -- http://www.gnu.org/fun/jokes/error-haiku.html

Faust

  • Member
  • **
  • Posts: 1,223
  • Kudos: 0
RPC worm
« Reply #7 on: 13 August 2003, 06:05 »
TCP 135 is an RPC port ???
Isn't that samba?
Yesterday it worked
Today it is not working
Windows is like that
 -- http://www.gnu.org/fun/jokes/error-haiku.html

Faust

  • Member
  • **
  • Posts: 1,223
  • Kudos: 0
RPC worm
« Reply #8 on: 13 August 2003, 06:06 »
quote:

 If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.
 
 Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.


ROFLMAO  :D
Yesterday it worked
Today it is not working
Windows is like that
 -- http://www.gnu.org/fun/jokes/error-haiku.html

suselinux

  • Member
  • **
  • Posts: 711
  • Kudos: 30
RPC worm
« Reply #9 on: 13 August 2003, 13:05 »
Debit was down in some of the vancouver area

I think it might have been this bug, cause I was told that the actual banks were down not just the debit system

bigsleep

  • Member
  • **
  • Posts: 105
  • Kudos: 0
RPC worm
« Reply #10 on: 13 August 2003, 14:27 »
I think that any machine that sends a virus out to other computers should get it's IP blacklisted, that should effectively shut down most MS servers eventually.
My server still gets RedCode type hits.

Jeeze, I'd go on... but I got things to do (like block spam).

Pissed_Macman

  • VIP
  • Member
  • ***
  • Posts: 2,499
  • Kudos: 0
    • http://www.macrevolution.tk
RPC worm
« Reply #11 on: 13 August 2003, 14:43 »
THIS IS FUCKING PRICELESS!!!!! AHAHAHHAHAHAHHA!!!!!!! Seriously, are any of you behind this?

Hey we should all go out and install illegal versions of Xpee on our PCs to add to Microsoft's problems.

Wow this is really great. Maybe this will get the message across that M$ products SUCK ASS!!!!

jasonlane

  • Member
  • **
  • Posts: 743
  • Kudos: 0
    • http://www.root10.net
RPC worm
« Reply #12 on: 13 August 2003, 15:42 »
quote:
Despite being described by Symantec and other anti-virus firms as being "badly written", he told us today: "Whoever made this thing deserves a pat on the back. It completely goes around most forms of existing Windows security".


Heh he

Samba is shit. Samba is 137 to 139. 135/tcp is DCE endpoint resolution and 135/udp is RPC. NT also had some DNS & DHCP management stuff there as well.

Also it's nice to see 135 traffic rising, it's like a symphony to my ears.

However 135 seems to have given Bill and his minions trouble in the past as well.

135

Will we look back on this in years to come and say:

 
quote:
Remember the 135!


Die Micro$hite, die!

[ August 13, 2003: Message edited by: Zardoz ]

The MES Anti-Prude Force
*******
"I don

wargames_guru

  • Member
  • **
  • Posts: 24
  • Kudos: 0
RPC worm
« Reply #13 on: 13 August 2003, 16:05 »
ROTF: my firewall log is 5 pages and counting...he he damn worm has been scanning all night. but lo and behold 135 is stealthed on my box/boxes. urp........IF you read this....Hi bill, hope you idiots in Redmond have plenty of Egg on your faces......ha he he ha ha
Adore is useless......long live
FreakyG.

jasonlane

  • Member
  • **
  • Posts: 743
  • Kudos: 0
    • http://www.root10.net
RPC worm
« Reply #14 on: 13 August 2003, 21:05 »
So already there's a new version of blaster out there!!!! Also IBM & Mototrola have been infected, because of the fucking excuse of a company called Micro$hite. I hope they get taken to the cleaners, they do not deserve their position.

I only hope this causes IBM to drop M$ altogether.

They must go!

[ August 13, 2003: Message edited by: Zardoz ]

The MES Anti-Prude Force
*******
"I don