New Blaster Variant - MSBLAST.H

[thehorse13]

TrendMicro is reporting that a new blaster variant is in the wild. Be sure all of your boxes are patched that you put to the back burner. This little creep exploits the original RPC vulnerability.

Also, if you become infected, you'll be a part of a DDoS attack on the WindowsUpdate site.

Happy patching.

http://www.trendmicro.com/vinfo/viru...LAST.H&VSect=T

[phishphreek]

damn... you'd think that they would have given up on this one by now!

Anywho... I thought that m$ removed the automatic redirection of that site...

But there's a flaw. The worm instructed computers to call up http://windowsupdate.com -- which is an incorrect address for reaching the actual Microsoft Web site that houses the software patch. Although Microsoft has long redirected those who visited that incorrect address to the real site -- http://windowsupdate.microsoft.com -- the company disabled the automatic redirection Thursday in preparation for the onslaught of infected computers.

http://www.detnews.com/2003/technolo...ogy-245501.htm

the redirection works when you visit www.windowsupdate.com but not http://windowsupdate.com or simply windowsupdate.com

Once this malware secures an Internet connection, it checks for the current system date. On the following system dates, it launches a thread that performs a distributed denial of service (DDoS) attack against windowsupdate.com:

So, this means that m$ won't even feel the effects of this DDoS?

[the_JinX]

Yup..

just like SCO stepped out, after playing the beaten dog for a day or two..
http://www.theregister.co.uk/content/56/35310.html

[scriptkiddie18]

Also, if you become infected, you'll be a part of a DDoS attack on the WindowsUpdate site.

Did we not have something like this before...i think i saw it on the TV, they said something about a new virus and if you were affected, you'd be attacking the win update site on X/X/XX date....dont remember what the date was...well looks like its still going on heh...damn hackers gotta make our life hard

[SDK]

Stupi... 6 months old virus release again? Oh! Those guy have realy nothing to do in life!

[scriptkiddie18]

Hahaha SDK...whats that...? Oh its his definition of hackers
....nothing better to do than hacking lol
these guys just wont give up heh...

[thehorse13]

So, this means that m$ won't even feel the effects of this DDoS?

Well Phissy old buddy, the defacto IT response applys to this question - it depends. Currently we have no idea how many unpatched boxes are out there and we are not sure how fast this variant will spread before the trigger is pulled.

Looking at it logically, I can't see MS getting too hosed up over the event because we do know that more machines have been patched since the last round of this crap.

[PM8228]

6 Months. It is not a lack of a life that causes this, it is a lack of skill. People who can not write full virii, or just want to change it to look like it is theirs for their friends or whatever do that stuff. Not a skilled professional by any means.

-Cheers-

[phishphreek]

horsey, I understand what you are saying. What I don't see is this.

If the worm attacks http://windowsupdate.com or windowsupdate.com then they have nothing to worry about. those sites no longer resolve and they don't redirect to www.windowsupdate.microsoft.com.

IF the worm attacks www.windowsupdate.com then, it would redirect and attack www.windowsupdate.microsoft.com

According to the info in the link you provided, it will attack either http://windowsupdate.com or windowsupdate.com, which means that they shouldn't feel the effects because it won't redirect.

see what I'm saying? or am I all messed up again?

[thehorse13]

LOL, nope, this screw up is on me. I see what you are saying, so yes, they should have no issue.



Age...the anti-memory.