-
August 28th, 2003, 11:18 PM
#81
Just found this update from Sophos ...
W32/Blaster-E is functionally equivalent to W32/Blaster-A, except for the following changes:
The registry entry used has been changed to
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows Automation
The target for the Distributed Denial-of-Service attack has been changed to kimble.org
The internal message has been changed to
"I dedicate this particular strain to me ANG3L -
hope yer enjoying yerself and dont forget the
promise for me B/DAY !!!!."
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
August 29th, 2003, 09:19 AM
#82
With Activity in the media.. you would think many of the dumb asses would have at least heard of the MSblaster/lovsan worm.. but nooooo..
had five systems today infected with each of the RPC-DCOM worms today..
and ALL of them are with the ISP I mentioned above.. dunno if I should also send a bill for frigging around to the ISP for their stupidity..
think I will check out Bundy or J.D,,
And wash my mind of the stupids..
Cheers
-
August 29th, 2003, 10:16 AM
#83
Seems the FBI have their sights set on an 18 year old as one of the authors of MSblaster .... news is currently being carried on most of the major news websites ....
"U.S. cyber investigators have identified a teenager as one author of a damaging virus-like infection unleashed weeks ago on the Internet and plan to arrest him early Friday, a U.S. official confirmed.
The 18-year-old was accused of writing a version of the damaging "Blaster" computer infection that spread quickly across the Internet, the official said, speaking on condition of anonymity. The official asked that further identifying information about the teenager not be disclosed until the arrest. " --- snippet from CNN.com
Wouldn't like to be in his shoes .... no doubt the spooks have tabs on him right now watching him squirm as this news breaks.
Oh how the worm turns .... sorry couldn't help myself on that one !!
-
August 29th, 2003, 10:33 AM
#84
link please
ta .... either too busy or I am too lazy.. (me thinks it is the latter)
cheers
Sry for being rude
-
August 29th, 2003, 11:40 AM
#85
Sorry about the lack of links - CNN and Foxnews are carrying the story on links off their front pages at this time .... but anyway here you go.
http://www.foxnews.com/story/0,2933,95978,00.html
http://www.cnn.com/2003/TECH/interne....ap/index.html
.... even believe the Sydney Morning Herald site is carrying the story.
-
August 29th, 2003, 02:35 PM
#86
Reply from ISP..
The ports were unblocked due to an internal decision
I will word my reply when sober
cheers
-
August 31st, 2003, 02:05 PM
#87
How is everyone else going here..
Seems the infection rate is on the upper here.. 3 repairs here today.. all MSblaster.. one machine infected within 5 mins of signup with isp.. customer was not impressed.. I was less impressed when the ISP claimed the fault was the modem..
nothing worse than when the tech support is "Battery Hens"..
oh and five other enquiries.. also appear the RPC-DCOM worms related..
give me a bigger gun..
Cheers
-
August 31st, 2003, 02:16 PM
#88
Originally posted here by Und3ertak3r
How is everyone else going here..
Seems the infection rate is on the upper here.. 3 repairs here today.. all MSblaster.. one machine infected within 5 mins of signup with isp.. customer was not impressed.. I was less impressed when the ISP claimed the fault was the modem..
nothing worse than when the tech support is "Battery Hens"..
oh and five other enquiries.. also appear the RPC-DCOM worms related..
Attempted infections declining here - from 16 pages of attempts down to 9 pages now.
Steve
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
August 31st, 2003, 08:47 PM
#89
a new worm exploiting RPC/DCOM has appeared...
NAME: Raleka
ALIAS: Worm.Win32.Raleka, W32/Raleka, W32/Raleka.worm, WORM_RALEKA
VARIANT: Raleka.A
This worm is probably of Spanish origin given the text strings it contains. It is UPX packed and has a length of 14KB (14880 bytes).
The worm will attempt to download additional components from a fixed URL in its code. If the download fails, the worm will sleep for 5 minutes before attempting to download it again.
The downloaded files are placed in the Windows 'System32' folder, and are named:
ntrootkit.exe
ntrootkit.reg
Those files are a part of a backdoor detected as Backdoor.RtKit.11.a by FSAV.
It will scan random ranges of IP addresses attempting to exploit the aforementioned vulnerability.
It has an IRC backdoor component, which will connect to a server from an internal list and then join a channel from which to receive further instructions. One of the instructions which can be given to the worm is to download and execute the Microsoft patch (only the Spanish version) of the RPC vulnerability.
VARIANT: Raleka.B
ALIAS: W32/Raleka-B, WORM_RALEKA.B, W32/Raleka.worm
A new variant of Raleka worm known as Raleka.B was found. F-Secure Anti-Virus detects it as Worm.Win32.Raleka.b.
Link Here : http://www.f-secure.com/v-descs/raleka.shtml
guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;
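Added example, not part of any post in this thread: a triage check over saved `reg query` output and a file listing, using only the indicators quoted above (the Blaster-E Run value "Windows Automation" and Raleka's ntrootkit.exe / ntrootkit.reg in System32). The function names are hypothetical, and the sample input, including the data of each Run value, is constructed.

```python
import re
from pathlib import PureWindowsPath

# Indicators quoted in the thread (Sophos on Blaster-E, F-Secure on Raleka).
RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"
BLASTER_E_VALUE = "windows automation"
RALEKA_FILES = {"ntrootkit.exe", "ntrootkit.reg"}

# A value line in `reg query` output: indented name, REG_* type, data.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")

def parse_reg_query(text):
    """Yield (key, value_name, data) from saved `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.upper().startswith(("HKEY_", "HKLM\\")):
            key = line.strip()
        elif key and (m := VALUE_LINE.match(line)):
            yield key, m["name"], m["data"].strip()

def blaster_e_hits(reg_text):
    """Run-key values whose name matches the Blaster-E entry."""
    return [(k, n, d) for k, n, d in parse_reg_query(reg_text)
            if k.lower().endswith(RUN_KEY_SUFFIX) and n.lower() == BLASTER_E_VALUE]

def raleka_hits(paths):
    """Paths naming a Raleka component directly inside a System32 folder."""
    hits = []
    for p in map(PureWindowsPath, paths):
        if p.name.lower() in RALEKA_FILES and p.parent.name.lower() == "system32":
            hits.append(str(p))
    return hits

# Constructed sample input; the value data and the second Run entry are made up.
SAMPLE_REG = (
    "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\n"
    "    Windows Automation\tREG_SZ\tplaceholder.exe\n"
    "    SomeUpdater    REG_SZ    C:\\Program Files\\Some\\updater.exe\n"
    "\n"
    "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\n"
    "    Windows Automation    REG_SZ    placeholder.exe\n"  # other key: ignored
)
SAMPLE_FILES = [
    r"C:\WINDOWS\System32\ntrootkit.exe",
    r"C:\WINDOWS\system32\NTROOTKIT.REG",
    r"C:\Temp\ntrootkit.exe",  # right name, wrong folder: not reported
    r"C:\WINDOWS\System32\notepad.exe",
]

if __name__ == "__main__":
    for hit in blaster_e_hits(SAMPLE_REG):
        print("Blaster-E Run value:", hit)
    for hit in raleka_hits(SAMPLE_FILES):
        print("Raleka component:", hit)
```

A hit is a reason to look at the machine, not proof of infection; the match is on names only, and no hit does not rule out other variants.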