MS Blaster worm using up your bandwidth !

I just reconfigurated my firewall and got a access warning from a programm called 'msblast.exe'. It's hard to find some info about it since this seems to be quite new, but anyway if you have a file like this in your windows/system32 folder then try to get rid of it. This worm is supposed to slowly take up more and more bandwidth so that it's hard to tell why your connection is getting slower and slower. That's all I could find out right now. Hope you're not infected !

Chris

edit: If you're repeatedly getting RPC-errors this might be the cause. Here's the info page from Symantec .

Omigod,

I'd better get a virus tester or a router or a firewall or...

Wait, I've got a Mac /ubbthreads/images/graemlins/grin.gif

Wilkey

Search couldn't find anything named that on our HD.

How does it get in anyway?

When I booted the work box this morning, I was infected. It resulted in my CAD program not opening any drawings. Others found that they couldn't copy and paste. This one is ugly! If your ISP is on a vulnerable server OS that hasn't had Uncle Bill's patch applied and you are running Win2K, you will probably get hit. News says it is spreading fast.
Network Associates (McAffee) site has a removal tool, and the latest updates for Norton AV will quarantine it.

Larry

Recent article here

Larry

Ginseg...thanks for reminding me, I almost forgot.

I ran a complete Windows update, but we are on ME anyhow, which isn't mentioned in this particular threat.

Yeeah, I got hit last night... couldn't figure out why our T1 wasn't working! I called our telecom supplier, and when I gave them our company name, they immediately identified the perpetrator (my laptop). /ubbthreads/images/graemlins/rolleyes.gif It was maxing out at 300 sessions at the same time. Nasty little bugger, but it's easy to remove. I saw it this morning on MSN.com before I even realized I had it.

I got hit last night- my machine kept shutting down while I was trying to install the patch. At least it down not seem to cause much harm - it could have been much worse. The annoying thing is you can catch it just leaving your machine hooked up to the internet.

My company (Lockheed) is having problems with this today. My machine is/was/may still be infected. PITA!!! BTW, it is also known as the LovSan worm.

Here in Kansas Cox added a port block on our cable modems to block out port 135. My modem went down about 7:30pm last night. After it came back up I noticed my firewall was not getting any more hits on 135.

Not sure if they are blocking outgoing/incoming, but I wouldnt be surprised if they did both.

Seems like someone is gathering remote-access to get MS some DoS trouble... At least there's a hint to that written in the code: 'Billy Gates why do you make this possible? Stop making money and fix your software!'. Quite funny - at least if you have a proper firewall installed and can watch the show from a distance... /ubbthreads/images/graemlins/wink2.gif /ubbthreads/images/graemlins/popcorn.gif

Chris

This virus only affects the following operating systems;

Microsoft Windows NT® 4.0
Microsoft Windows NT 4.0 Terminal Services Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server™ 2003

The Patch

I wouldn't try to download the patch since the worm will cause RPC-errors which will shut down the computer... Update your anti-virus software or get the latest version from one of the majors (for example try www.free-av.com for a free copy of AntivirXP).

Chris

[ QUOTE ]
Ginseng said:
Omigod,

I'd better get a virus tester or a router or a firewall or...

Wait, I've got a Mac /ubbthreads/images/graemlins/grin.gif

Wilkey

[/ QUOTE ]

The only virus Mac had was OS 8! /ubbthreads/images/graemlins/icon15.gif /ubbthreads/images/graemlins/wink.gif

It's been a week or so since my last "windows critical update", but the website says I'm up to date, so I'm a little confused about that...

Looks like Zone Alarm and my personal Windows privacy setting are keeping me "clean" anyway.

And Norton is up to date.

/ubbthreads/images/graemlins/banghead.gif /ubbthreads/images/graemlins/banghead.gif /ubbthreads/images/graemlins/banghead.gif /ubbthreads/images/graemlins/banghead.gif /ubbthreads/images/graemlins/banghead.gif

fun is fixing this in a university environment.

Geoff

[ QUOTE ]
Silviron said:
It's been a week or so since my last "windows critical update", but the website says I'm up to date, so I'm a little confused about that...

Looks like Zone Alarm and my personal Windows privacy setting are keeping me "clean" anyway.

And Norton is up to date.

[/ QUOTE ]

You should probably be okay if Norton is updated and you have ZoneAlarm.

I have not seen the patch for download from the normal Windows update. I had to download it from another website.

The patch hit the 'normal Windows update' back on 16JUL2003 and if people keep up with patches there should be absolutely no problem from this worm at all.

Uh, just a moment, seems that 90 percent of the machines weren't patched.

Ya know, the only way we'll ever see the majority of Windows users keeping up on "critical" patches is if Microsoft packages them in worms and viruses and gets them into the machines that way. /ubbthreads/images/graemlins/icon23.gif



"The day Microsoft makes something that doesn't suck is probably the day they start making vacuum cleaners."

I'm a "computer guy" so I've been helping all my friends with this worm since yesterday. It's been a pain in the ***. Although it's rather funny to see the expression on their face when they say "Hey Tony, I'm having a strange problem with my computer..." and then I say "let me guess..." and describe everything that the worm does. /ubbthreads/images/graemlins/smile.gif

Luckily, my home network has a solid hardware firewall. It's actually an old Pentium II 266 running Linux. It's my router as well. I have it set up so every single port is stealthed. In fact, my IP address will not even respond to a ping. I'm completely "off the map." I value security, and pride myself in never having a single virus in almost 10 years of using PC's! I've never had a "virus scanner" either. My "virus scanner" is my own common sense!