Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: New Blaster Variant - MSBLAST.H

  1. #1
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885

    Exclamation New Blaster Variant - MSBLAST.H

    TrendMicro is reporting that a new blaster variant is in the wild. Be sure all of your boxes are patched that you put to the back burner. This little creep exploits the original RPC vulnerability.

    Also, if you become infected, you'll be a part of a DDoS attack on the WindowsUpdate site.

    Happy patching.

    http://www.trendmicro.com/vinfo/viru...LAST.H&VSect=T
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    damn... you'd think that they would have given up on this one by now!

    Anywho... I thought that m$ removed the automatic redirection of that site...

    But there's a flaw. The worm instructed computers to call up http://windowsupdate.com -- which is an incorrect address for reaching the actual Microsoft Web site that houses the software patch. Although Microsoft has long redirected those who visited that incorrect address to the real site -- http://windowsupdate.microsoft.com -- the company disabled the automatic redirection Thursday in preparation for the onslaught of infected computers.
    http://www.detnews.com/2003/technolo...ogy-245501.htm

    the redirection works when you visit www.windowsupdate.com but not http://windowsupdate.com or simply windowsupdate.com

    Once this malware secures an Internet connection, it checks for the current system date. On the following system dates, it launches a thread that performs a distributed denial of service (DDoS) attack against windowsupdate.com:
    So, this means that m$ won't even feel the effects of this DDoS?
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    Yup..

    just like SCO stepped out, after playing the beaten dog for a day or two..
    http://www.theregister.co.uk/content/56/35310.html
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  4. #4
    Also, if you become infected, you'll be a part of a DDoS attack on the WindowsUpdate site.
    Did we not have something like this before...i think i saw it on the TV, they said something about a new virus and if you were affected, you'd be attacking the win update site on X/X/XX date....dont remember what the date was...well looks like its still going on heh...damn hackers gotta make our life hard

  5. #5
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    Stupi... 6 months old virus release again? Oh! Those guy have realy nothing to do in life!
    -Simon \"SDK\"

  6. #6
    Hahaha SDK...whats that...? Oh its his definition of hackers
    ....nothing better to do than hacking lol
    these guys just wont give up heh...

  7. #7
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    So, this means that m$ won't even feel the effects of this DDoS?
    Well Phissy old buddy, the defacto IT response applys to this question - it depends. Currently we have no idea how many unpatched boxes are out there and we are not sure how fast this variant will spread before the trigger is pulled.

    Looking at it logically, I can't see MS getting too hosed up over the event because we do know that more machines have been patched since the last round of this crap.

    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  8. #8
    6 Months. It is not a lack of a life that causes this, it is a lack of skill. People who can not write full virii, or just want to change it to look like it is theirs for their friends or whatever do that stuff. Not a skilled professional by any means.

    -Cheers-

  9. #9
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    horsey, I understand what you are saying. What I don't see is this.

    If the worm attacks http://windowsupdate.com or windowsupdate.com then they have nothing to worry about. those sites no longer resolve and they don't redirect to www.windowsupdate.microsoft.com.

    IF the worm attacks www.windowsupdate.com then, it would redirect and attack www.windowsupdate.microsoft.com

    According to the info in the link you provided, it will attack either http://windowsupdate.com or windowsupdate.com, which means that they shouldn't feel the effects because it won't redirect.

    see what I'm saying? or am I all messed up again?
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  10. #10
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    LOL, nope, this screw up is on me. I see what you are saying, so yes, they should have no issue.



    Age...the anti-memory.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •