Another damn virus

Anything and Everything about Uplink

Moderators: bert_the_turtle, jelco, Chris, Icepick, Rkiver

Iris
level5
Posts: 2423
Joined: Wed Apr 09, 2003 6:15 am
Location: Land of the Morning Calm

Postby Iris » Wed Aug 13, 2003 11:11 am

I totally agree with andrewas. Here in the compound the sysadmin 2 days ago suddenly went around the offices and dorms and started checking the antivirus software of everyone who has a PC, and also confirmed whether the latest MS patch was installed. He said the company's servers had encountered a virus and, while the infestation was in check, he wanted to make sure there were no leakages.

(Edited by Iris at 11:12 am on Aug. 13, 2003)
DR EVIL
level0
Posts: 1
Joined: Wed Aug 13, 2003 3:02 am

Postby DR EVIL » Wed Aug 13, 2003 7:46 pm

I think the reason why people don't make viruses for Macs is, for one, most don't know how to properly code a virus that could do real harm on a Mac.
People who have Macs and can code for them usually like the OS. And of course Macs are tough to hack (if correctly set up and managed).

People hack Windows because Microsoft won't get off its lazy arse to fix its software.

I've been around since Windows 3.1.
I now have Win XP Corporate that I got from "alternate sources".
Pacemeyer
level1
Posts: 22
Joined: Mon Aug 04, 2003 10:50 pm

Postby Pacemeyer » Wed Aug 13, 2003 7:46 pm

Blaster's just been on the news.

It affects:

Win XP
Win NT
Win 2000
And another one which I just forgot, but it ended in 2003.

It's a virus which is a protest about the buggy software by Microsoft, and there's meant to be a major attack on the Microsoft update page.

I think the attack's meant to destroy Microsoft. (Not sure though.)
"... free flow of information is the only safeguard against tyranny. The once chained people whose leaders at last lose their grip on information flow will soon burst with vitality, but, the free nation gradually constricting its grip on public discourse
Sym33
level2
Posts: 132
Joined: Sat Jun 21, 2003 11:09 pm

Postby Sym33 » Wed Aug 13, 2003 8:28 pm

As far as I can see from this virus, it appears to shut down the computer after 60 seconds each time it is turned on until it is removed. It's not going to do a great DoS attack if it lasts 60 seconds, and most people wouldn't bother turning on their computers unless they were going to get rid of the virus.
Pacemeyer
level1
Posts: 22
Joined: Mon Aug 04, 2003 10:50 pm

Postby Pacemeyer » Wed Aug 13, 2003 9:03 pm

What I meant by there's going to be an attack on Microsoft is:

This virus is a warning message to Microsoft.
Some experts who looked at the code found a message.
"... free flow of information is the only safeguard against tyranny. The once chained people whose leaders at last lose their grip on information flow will soon burst with vitality, but, the free nation gradually constricting its grip on public discourse
Liquid Data
level1
Posts: 31
Joined: Fri Jul 11, 2003 11:33 pm
Location: Germany
Contact:

Postby Liquid Data » Wed Aug 13, 2003 10:08 pm

Quote: from Sym33 on 8:28 pm on Aug. 13, 2003
As far as I can see from this virus, it appears to shut down the computer after 60 seconds each time it is turned on until it is removed. It's not going to do a great DoS attack if it lasts 60 seconds, and most people wouldn't bother turning on their computers unless they were going to get rid of the virus.


The shutdown effect only occurs if the worm tries either to exploit Windows XP with the method written for Windows 2000 or vice versa. It is most certainly an undesired effect caused by a bug in the worm's code. (Would be a bit pointless to write a worm that would prevent itself from spreading by causing the infected computer to shut down after 60 seconds...)

A really nasty bug, though... try to download and install a patch within 60 seconds. Quite a challenge, isn't it? ;)

And of course the whole thing is designed to slap Microsoft right in the face. I wonder if they will be able to prevent any DoS attacks that are going to be performed by the infected machines on Friday...

But well, the RPC vulnerability was revealed a month ago, and M$ released a security update to fix the problem only several days after it had been discovered. Soon exploits for this vulnerability were created and spread throughout Bugtraq and other lists. From that day on, it was only a matter of time before someone would use one of these exploits to create a virus or worm, and it was quite clear that this would happen.

I wasn't affected - just because of the fact that I downloaded and installed the patch instantly after it was out. If not, ZoneAlarm Pro wouldn't have been able to protect my system, as far as I can tell from the posts in this topic. Lucky... -_-

However, a good hardware firewall plus a router seems to be more effective. In the place where I work, our network server hadn't been patched until today (when half of the employees run for the sysadmin to tell him he REALLY should download the update to protect our systems from the worm... ^^; ). But the server remained unaffected, even without the patch - thanks to the firewall.

Btw, did you notice that there are already two variants of the worm spreading...? That was quick... Obviously the source code was posted somewhere, maybe on Bugtraq.

[sarcasm]It's always a pleasure to see how a bunch of half-adolescent script kiddies are able to cause irrational panic to internet users, system administrators, security experts and the media - all at once.[/sarcasm]

Well, at least now they have something to rant about.

(Edited by Liquid Data at 11:11 pm on Aug. 13, 2003)
"To see a world in a grain of sand // And Heaven in a flower
Hold infinity in the palm of your hand // And eternity in an hour."
Stewsburntmonkey
level5
Posts: 11553
Joined: Wed Jul 10, 2002 7:44 pm
Location: Nashville, TN
Contact:

Postby Stewsburntmonkey » Wed Aug 13, 2003 10:29 pm

Quote: from DR EVIL on 1:46 pm on Aug. 13, 2003
I think the reason why people don't make viruses for Macs is, for one, most don't know how to properly code a virus that could do real harm on a Mac.
People who have Macs and can code for them usually like the OS. And of course Macs are tough to hack (if correctly set up and managed).

People hack Windows because Microsoft won't get off its lazy arse to fix its software.

I've been around since Windows 3.1.
I now have Win XP Corporate that I got from "alternate sources".


This worm (and most others) does not affect PCs that are "correctly set up and managed". The patch for this vulnerability has been out for a good while now; it's just people not clicking on the little update icon on the screen that is the problem. People don't code worms and viruses for Macs because the whole point is to get the widest audience, and Macs are certainly not the largest audience. People hack school Macs all the time (especially the pre-OSX systems); it's really not that hard. The thing I hate is all these people running around yelling at MS for these security holes, when they are present on every consumer OS, and MS does a better job patching them than anyone else for the most part. Things like this are possible not because of MS, but because of the people who don't update their systems. That is their prerogative, but they can't blame anyone but themselves.

(Edited by Stewsburntmonkey at 4:30 pm on Aug. 13, 2003)
tabasco boy
level5
Posts: 1180
Joined: Sun Mar 10, 2002 4:25 pm
Location: Lovely Planet Earth
Contact:

Postby tabasco boy » Wed Aug 13, 2003 11:04 pm

It sometimes makes me wonder how some of those IT staff whose client machines got infected got a job, and what they do from 9 to 7. Do they just chitchat the whole day or download porn? They had more or less a month now since the patch has been out.

They don't eFFing deserve to get a fat pay check, and us who know more are the ones getting laid off.

There's definitely something wrong here.
Eating without Tabasco® Sauce is like a computer without an OS.
sir hackalot
level3
Posts: 451
Joined: Thu Apr 25, 2002 7:05 pm
Contact:

Postby sir hackalot » Thu Aug 14, 2003 12:57 am

Well, for those who got infected, good, you deserve it. The RPC overflow patches have been out for at least a month now, and because of your stupidity you now have Blaster. The compiled version of Blaster will exploit the RPC DCOM overflow for XP/2K, but the vulnerability is on every version of Windows except 98, so it would take a small amount of coding to upgrade this virus to real potential.

But as usual worms will still continue to rampage through systems over the world. Why? Because people won't spend five minutes updating their systems.

Symantecs removal tool: http://securityresponse.symantec.com/av ... .tool.html
Trend's removal tool:
http://www.trendmicro.com/download/tsc.asp
F-Secure's removal tool:
http://www.f-secure.com/v-descs/msblast.shtml
McAfee's removal tool:
http://vil.nai.com/vil/stinger/

Check your registry under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

If you find an entry for Windows Auto Update that launches a file named msblast.exe you should delete this to stop it running at startup. Then delete it from your hard drive by dropping into DOS mode.

For those who might actually show an interest and learn something from this:
http://www.securiteam.com/windowsntfocu ... 20AKG.html
also has a list of patches for OSs, but these have not proved 100% successful.

And as for people talking about firewalls etc etc, they don't work. Blocking some ports:
* 69/UDP
* 135/TCP
* 135/UDP
* 139/TCP
* 139/UDP
* 445/TCP
* 445/UDP
* 4444/TCP
and several others.

LSD, the discoverers of the overflow analysis:
http://www.xfocus.org/documents/200307/2.html

[EDIT]sorry for stretching page[/EDIT]

(Edited by sir hackalot at 12:59 am on Aug. 14, 2003)
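Added example, not code from the thread or from any of the vendors linked above: a small offline triage script that automates the two checks the post describes, a Run-key value that launches msblast.exe and local listeners on the ports in the block list. The registry export and netstat listing it reads are constructed samples; the `reg export` value syntax and the `netstat -an` column layout it assumes are those of Windows 2000/XP, and the helper names (`parse_reg_export`, `parse_netstat`, `triage`) are mine.

```python
"""
Offline triage for the two Blaster indicators named in the post above:
a Run-key value that launches msblast.exe, and local listeners on the ports
the post says to block.  Added example, not from the thread; both inputs
below are constructed samples shaped like `reg export` and `netstat -an`
output rather than captures from a real host.
"""
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# (proto, port) pairs from the post's block list.  135/139/445 are normal
# Windows listeners (RPC endpoint mapper, NetBIOS, SMB); seeing them is not
# an infection sign, only a sign that the host is reachable on them.
BLASTER_PORTS = {
    ("udp", 69), ("tcp", 135), ("udp", 135), ("tcp", 139), ("udp", 139),
    ("tcp", 445), ("udp", 445), ("tcp", 4444),
}

# Constructed sample of `reg export "HKLM\...\Run" run.reg` (assumed layout).
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"windows auto update"="msblast.exe"
'''

# Constructed sample of `netstat -an` (assumed column layout).
SAMPLE_NETSTAT = """Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1041       10.0.0.9:80            ESTABLISHED
  UDP    0.0.0.0:69             *:*
  UDP    0.0.0.0:500            *:*
"""

# One "name"="data" line of a .reg export; both sides may contain \" and \\.
_REG_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    # .reg files escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Return {key_path: {value_name: data}} for the REG_SZ values in a .reg export."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None:
            m = _REG_VALUE.match(line)
            if m:
                keys[current][_unescape(m.group(1))] = _unescape(m.group(2))
    return keys


def find_msblast_run_entries(reg):
    """Names of Run values whose command references msblast.exe (case-insensitive)."""
    run = reg.get(RUN_KEY, {})
    return sorted(name for name, cmd in run.items() if "msblast.exe" in cmd.lower())


def parse_netstat(text):
    """Set of (proto, port) that are listening locally in `netstat -an` output."""
    listeners = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        proto = parts[0].lower()
        port = int(parts[1].rsplit(":", 1)[1])
        # UDP rows carry no state column; a bound UDP socket is a listener.
        if proto == "udp" or (len(parts) >= 4 and parts[3] == "LISTENING"):
            listeners.add((proto, port))
    return listeners


def suspicious_listeners(listeners):
    """Listeners that fall on the post's block list, sorted for stable output."""
    return sorted(listeners & BLASTER_PORTS)


def triage(reg_text, netstat_text):
    """Run both checks and return a plain dict a script or test can inspect."""
    return {
        "run_entries": find_msblast_run_entries(parse_reg_export(reg_text)),
        "listeners": suspicious_listeners(parse_netstat(netstat_text)),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_REG_EXPORT, SAMPLE_NETSTAT)
    for name in report["run_entries"]:
        print(f"Run value {name!r} launches msblast.exe: remove it, then delete the file")
    for proto, port in report["listeners"]:
        print(f"local listener on {port}/{proto} is on the block list")
```

The Run-key match is on the command data rather than the value name, so a variant that keeps msblast.exe but renames the "windows auto update" value is still caught; the listener check is only a reachability hint, since 135/139/445 are open on every stock Windows box and it is a listener on 4444/TCP or 69/UDP on a workstation that actually deserves a look.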
Starfyre
level5
Posts: 3247
Joined: Sat Jun 29, 2002 3:00 pm
Location: in the tree house

Postby Starfyre » Thu Aug 14, 2003 1:21 am

One should be safe if there's no msblast.exe, right?
Adriac
level5
Posts: 3504
Joined: Wed Jan 23, 2002 7:20 am

Postby Adriac » Thu Aug 14, 2003 1:46 am

I don't update virus definitions, and I haven't ever gotten a virus... In my opinion, it's just good design to not require the users to protect themselves. I mean, you're like "Serves them right for not protecting their system." But, I mean, it serves your mom right, eh?

No, seriously. If your mom's computer got infected and wiped simply because she's not the right generation, is that her fault or Microsoft's?

For servers run by IT departments, I agree entirely. But PC users can get viruses as well, and I think it really is the developer's job to stop that.

And on a side note, labs getting hacked is a whole different animal. See, it's generally assumed that one doesn't have physical access to the target. If you do, well, single user mode (Command-S of OS X), or if that's passworded (isn't by default...) just take out the hard drive.

But it must be noted that Panther (OS X 10.3) will include an option to encrypt one's entire home directory at logout, if you're that paranoid.

Real life example*: My mom is fairly computer illiterate, but as a psychiatrist she needs to keep a certain amount of data (Read: everything) confidential. Transparent, automatic OS X encryption is really perfect for her needs.


*That's an example that's true, not an example of a RL scenario. My mom really is a psychiatrist.
00010001000100000000101100010111000 10110000100010001100001011111000101 10000100100000111100010000000011010 0001011000111100001000100001011
Stewsburntmonkey
level5
Posts: 11553
Joined: Wed Jul 10, 2002 7:44 pm
Location: Nashville, TN
Contact:

Postby Stewsburntmonkey » Thu Aug 14, 2003 2:04 am

I think it is rather silly to say that people should not be asked to make any effort to keep their system secure. There is not a consumer OS that does not have vulnerabilities. If you are not a totally isolated system you are going to open up security issues somewhere. For years the Linux community has railed against the insecurity of Microsoft, but now that Linux distros are trying to compete with Windows' ease of use my mail box is full of notices from RedHat and Mandrake announcing new patches for security holes. There are several security holes in OSX, but because the community is so limited no one really cares. And when I talked about hacking school computers I was speaking of remote hacks, not the trivial direct access type.

If anyone thinks they can design a fully secure OS (that anyone can use) I would ask them to give it a try. The most secure OS is Unix and is so secure because it has been little changed in years. Once BSD is configured for real consumer use several security issues arise. It is like a car; the auto-maker can only do so much to protect you against yourself. If you decide you should never have to change the oil or the brakes then you are doing so at your own risk. :)
Tuxedo Penguin
level2
Posts: 82
Joined: Wed Jul 23, 2003 8:39 am
Location: Gloucester, NC.  USA
Contact:

Postby Tuxedo Penguin » Thu Aug 14, 2003 3:43 am

Damn.  All this over a worm....
All things considered; I'd rather get Revelation.
"Our galaxy is tens of trillions of miles across, and surrounding it are countless galaxies of comparable size. All the cosmos that we have mapped out are only a grain of sand on a neverending beach. The universe extends infinitely beyond what your brain
Kronus
level1
Posts: 20
Joined: Mon Jul 21, 2003 3:57 am

Postby Kronus » Thu Aug 14, 2003 5:44 am

And yet, according to other sites, the message in the worm is telling Bill Gates to fix his own software... btw where can I find this virus? I want to capture it and put it in my collection of viral software...
3.1415926535 8979323846 2643383279 5028841971 6939937510 5820974944 5923078164 0628620899 8628034825 3421170679 8214808651 3282306647 0938446095 5058223172 5359408128 4811174502 8410270193
tabasco boy
level5
Posts: 1180
Joined: Sun Mar 10, 2002 4:25 pm
Location: Lovely Planet Earth
Contact:

Postby tabasco boy » Thu Aug 14, 2003 5:54 am

Quote: from Kronus on 5:44 am on Aug. 14, 2003
And yet, according to other sites, the message in the worm is telling Bill Gates to fix his own software... btw where can I find this virus? I want to capture it and put it in my collection of viral software...


You don't have to find it, matey, just disable your anti-virus, disable your software firewall, connect your PC directly to the net without a router, enable every service on your machine, open all possible ports and sit back and wait, while rehearsing pulling your hair in anger and thinking why did I follow tabasco boy. :biggrin:

You'd better hurry up though, as most ISPs everywhere are blocking port 135 and some other ports, which will make your chance of acquiring it slimmer.

(Edited by tabasco boy at 6:01 am on Aug. 14, 2003)
Eating without Tabasco® Sauce is like a computer without an OS.
