quote:
From the book of Willias, chapter 3, verse 16:
diadem, knowing what IP is hitting won't change anything, apparently there is a file going around that sends itself around by IP address that hits port 135. msblast.exe is what I think it is called. IF YOU HAVE GOTTEN HACKED BY THIS TODAY, LOOK FOR MSBLAST.EXE IN YOUR WINDOWS FOLDER. It uses your computer to further spread the hack and make your compy stop working. I looked at my ZoneAlarm's log earlier, and msblast.exe kept trying to reach the internet repeatedly every 5 or so seconds, and other people that use Insightbb kept trying to access my compy through port 135.
Nasty, nasty little bugger.
ah, so it's more like a virus than some jackass hacking into my machine and fucking with my stuff?
(was worried about him logging into aim as me or taking credit card data and passwords)
1. How am I supposed to download the fix if my system does a shutdown in one friggin minute after I went online?!?
2. WHO THE FUCK gave MS the right to shut down my computer?!? If I want to run my system with a hole in my security that is as big as Mount Everest it's my fucking right to do so!@#@!
3. Mort mentioned something about shutting down the RCP features in Windows XT, preventing the shutdown. Please, someone tell me how do I do that?
(If this has already been mentioned, I'm sorry. ONE FUCKING minute just isn't enough time to read the whole thread.)
(1) SOURCE sends a malicious packet to port 135 on your PC. (Hence the reason this should have been blocked at the firewall)
(2) Assuming you're vulnerable, said packet opens a shell on port 4444
(3) Once shell is opened, SOURCE connects to you (Victim) on port 4444
(4) Once connected, SOURCE initiates a TFTP download on VICTIM copying the exploit from one of several places on the internet
(5) Once download is successful, worm is now executed, which infects the system.
(6) You now become SOURCE and start scanning for vulnerable machines.
Now... Blocking 135 should have already been done if you were running a firewall (and had actually set it up instead of leaving it defaulted). If they can't get to 135, they can't open the shell on 4444 and transfer the file in. Also, TFTP should be blocked on the router as well since practically no one outside of IT people really use it anymore (except for some of the Linksys update programs).
And as Khy has pointed out, if you had installed the patch to start with, none of this would have happened at all.
Go into Start -> Control Panel -> Network Connections.
Inside of Network Connections, right-click on your connection (LAN or dialup), and click properties, then go to the 'Advanced' tab. Turn on the Internet Connection Firewall (The check mark next to 'Protect my computer by limiting access blah blah blah').
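The six-step chain described in the post above can be checked against firewall logs. The following is an added example, not part of the original thread: it walks a constructed log and reports how far along steps (1)-(6) each local host got. The log format, the addresses, the `SCAN_THRESHOLD` value and the function name are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample log: "seconds direction proto src_ip dst_ip dst_port".
# The format and all addresses (RFC 5737 documentation ranges) are made up.
SAMPLE_LOG = """\
10 IN TCP 198.51.100.7 192.0.2.10 135
12 IN TCP 198.51.100.7 192.0.2.10 4444
13 OUT UDP 192.0.2.10 198.51.100.7 69
20 OUT TCP 192.0.2.10 203.0.113.1 135
21 OUT TCP 192.0.2.10 203.0.113.2 135
22 OUT TCP 192.0.2.10 203.0.113.3 135
30 IN TCP 198.51.100.9 192.0.2.11 135
31 OUT TCP 192.0.2.11 203.0.113.80 80
"""

SCAN_THRESHOLD = 3  # assumed: distinct outbound port-135 targets that count as scanning


def infection_stages(log_text, scan_threshold=SCAN_THRESHOLD):
    """Return {local_host: highest step reached}, numbered as in the post's steps (1)-(6)."""
    stage = defaultdict(int)          # 0 = nothing seen yet
    probed_by = defaultdict(set)      # local host -> remote hosts that hit port 135
    scan_targets = defaultdict(set)   # local host -> hosts it contacted on port 135
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[5].isdigit():
            continue                  # skip malformed lines
        _, direction, proto, src, dst, port = fields
        port = int(port)
        if direction == "IN" and proto == "TCP" and port == 135:
            probed_by[dst].add(src)
            stage[dst] = max(stage[dst], 1)           # step 1: packet to port 135
        elif direction == "IN" and proto == "TCP" and port == 4444:
            if src in probed_by[dst]:                 # same remote host as the probe
                stage[dst] = max(stage[dst], 3)       # steps 2-3: shell port reached
        elif direction == "OUT" and proto == "UDP" and port == 69:
            if stage[src] >= 3:
                stage[src] = max(stage[src], 4)       # step 4: TFTP download started
        elif direction == "OUT" and proto == "TCP" and port == 135:
            scan_targets[src].add(dst)
            if stage[src] >= 4 and len(scan_targets[src]) >= scan_threshold:
                stage[src] = 6                        # step 6: host is now scanning
    return dict(stage)
```

A host stuck at step 1 was probed but shows no follow-up; a host at step 4 or above should be treated as infected and taken off the network before patching.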
quote:
Tarquinn had this to say about Jimmy Carter:
2. WHO THE FUCK gave MS the right to shut down my computer?!? If I want to run my system with a hole in my security that is as big as Mount Everest it's my fucking right to do so!@#@!
You have every right to do so. MS isn't shutting down your computer. That hole in your security is allowing a virus to take control of the PC and shut down the computer. Congratulations
quote:
Khyron had this to say about John Romero:
You have every right to do so. MS isn't shutting down your computer. That hole in your security is allowing a virus to take control of the PC and shut down the computer. Congratulations
Actually, MS is an administrative entity on your PC since like SP3 2k, SP1 XP and WMP9....
quote:
A sleep deprived Random Insanity Generator stammered:
Actually, MS is an administrative entity on your PC since like SP3 2k, SP1 XP and WMP9....
True. But MS isn't the one who released this vulnerability, isn't the one exploiting it, isn't the one who's infecting PCs, which was my point: MS isn't the one doing it
quote:
Khyron stumbled drunkenly to the keyboard and typed:
True. But MS isn't the one who released this vulnerability, isn't the one exploiting it, isn't the one who's infecting PCs, which was my point: MS isn't the one doing it
MS is the root cause as they are the ones that let the vuln exist in the first place. Plus it's not the exploit that's shutting down the PC, it's Windows that's shutting down the PC because the RPC server has been hosed.
External stimuli, but it's still MS at the core. hehe
quote:
Check out the big brain on Random Insanity Generator!
MS is the root cause as they are the ones that let the vuln exist in the first place. Plus it's not the exploit that's shutting down the PC, it's Windows that's shutting down the PC because the RPC server has been hosed.
External stimuli, but it's still MS at the core. hehe
Granted, it is Windows shutting down the PC, but only due to external influence from a source OTHER than MS (The originator of the virus).
But then that's like saying because someone else grabbed the wheel and plowed your car into a tree, since your car is made by Ford and all the parts that run it are Ford parts, and because Ford never included protection for someone else grabbing the wheel, that Ford is the one responsible for your car hitting the tree
Besides, MS did patch it once the vulnerability was exposed. If they knew of the issue and deliberately didn't, then sure, I could blame them, but they did take the steps to protect their customers. [ 08-11-2003: Message edited by: Khyron ]
I go into the connection properties and there is no advanced tab there.
It wouldn't be a problem, but he won't let me get that computer on the internet to download the updates until that firewall is up.
Help?
quote:
Taeldian painfully thought these words up:
Ok, I've got my computer all safe and stuff, but I can't seem to turn on the firewall on one of my dad's computers.
I go into the connection properties and there is no advanced tab there.
It wouldn't be a problem, but he won't let me get that computer on the internet to download the updates until that firewall is up.
Help?
This is the point where I, as ISP tech support, if you were a customer on the phone with me, would refer you to your OEM
IE : I dunno. The firewall should be there on WinXP. Win2K doesn't have one tho.
And Deth, I'm sure that this virus is causing the svchost error, because I just got a customer who was experiencing the same thing.
quote:
Random Insanity Generator had this to say about Jimmy Carter:
MS is the root cause as they are the ones that let the vuln exist in the first place. Plus it's not the exploit that's shutting down the PC, it's Windows that's shutting down the PC because the RPC server has been hosed.
External stimuli, but it's still MS at the core. hehe
Honestly, for consumer level stuff MS is doing a pretty good job of fixing security holes via the auto-updater. Those appear on pretty much any platform, I doubt it would have been fixed on a unix base any sooner, also since the average consumer reads hardly any security level stuff it may have stayed open far longer on a lot of machines.
I'm hardly a fanboy of MS but there isn't much more they can actually do to make people update their machines than provide a pretty up-to-date self operating update system. As for security holes, yes they do happen, no they shouldn't happen but at least they've reacted quickly to it and released a patch.
Also, if the only thing this does is shut down your machine we're getting out of it pretty cheap anyway, would have made for a hell of a DDoS client. [ 08-11-2003: Message edited by: Shazorx / Modrakien ]
I passed this along to some other people though. I think at least one of them will be interested.
Additionally I've learned three things.
1. MS isn't to blame for shutting down my PC. I've misread Khyron's initial post.
2. Not consulting the Windows auto-updater for over six months isn't a wise move.
3. A firewall sure would help. Gonna get ZoneAlarm, unless someone has a better (free) idea.
Thanks much for this thread and for the help Khyron.
It's all better now... Which shows me I should probably not ignore it when it prompts me with an update!
Liam - "Caitlin: You terrify me, but in a good way."
quote:My dog ate it.
Drysart... I thought I knew you:
This patch has been on Windows Update for a week now. There's no good excuse not to already have it installed.
quote:
Drysart stopped beating up furries long enough to write:
This patch has been on Windows Update for a week now. There's no good excuse not to already have it installed.
I agree. I always have Windows Update on and let it do its thing.
quote:
Drysart had this to say about Captain Planet:
This patch has been on Windows Update for a week now. There's no good excuse not to already have it installed.
I just got it recently installed when I had the RPC problems. My XP system gives me a lot of trouble trying to install Windows Updates. This is the first that has actually worked.
Lyinar Ka`Bael, Piney Fresh Druidess - Luclin
quote:
What the Willias??
Hay guys, how do I turn back on my auto-updater, I think my dad turned it off at some point, and after this hassle, I would like it to be back on.
Control Panel > System > Automatic Updates Tab > check "Keep my computer up to date" and the automation setting you want.
I thought it was my firewall being screwy so went through a full clean and reinstall of the Virus Scanner and Firewall...
Thanks Khyron!!
quote:
Skaw had this to say about Reading Rainbow:
See? SEE why I use 98?
Developers are starting to drop support for Win98. You will soon be left in the dark. I cannot WAIT for the day when 98 is dropped, so I can laffff.
quote:
Tarquinn Model 2000 was programmed to say:
Okay, everything's fixed. MSBLAST.exe and derivates removed.
Additionally I've learned three things.
1. MS isn't to blame for shutting down my PC. I've misread Khyron's initial post.
2. Not consulting the Windows auto-updater for over six months isn't a wise move.
3. A firewall sure would help. Gonna get ZoneAlarm, unless someone has a better (free) idea.
Thanks much for this thread and for the help Khyron.
quote:
And I was all like 'Oh yeah?' and Kegwen was all like:
Developers are starting to drop support for Win98. You will soon be left in the dark. I cannot WAIT for the day when 98 is dropped, so I can laffff.