Slashdot Mirror


RPC DCOM Worm On The Loose

GPez writes "The first of I'm sure many RPC DCOM worms affecting Windows is on its way, according to the Internet Storm Center. Patch those systems!" According to the site, "The worm uses the RPC DCOM vulnerability [affects Win2k through Server 2003] to propagate. Once it finds a vulnerable system, it will spawn a shell on port 4444 and use it to download the actual worm via tftp."

15 of 604 comments

  1. Great by mjmalone · · Score: 5, Funny

    The security team at my office has been scrambling to secure all of our systems before such a worm was developed. I hope they are done!

    Will blocking port 135 at the router stop this worm? Seems like a simple solution for the short term. I would like to see the source for the worm, does anybody have it?

    1. Re:Great by rylin · · Score: 5, Funny

      I have a copy! You can fetch from 212.192.128.76:4444 ;)

  2. I have already patched my entire network. by Znonymous+Coward · · Score: 4, Funny

    It's called a firewall. It's protected me from Nimda, Code Red, etc.

    --

    Karma: The shiznight, mostly because I am the Drizzle.

    1. Re:I have already patched my entire network. by Anonymous Coward · · Score: 5, Funny

      It's called Linux. It's protected me from Nimda, Code Red, etc...

    2. Re:I have already patched my entire network. by bigjocker · · Score: 4, Funny

      I used this patch instead in my whole network.

      --
      Life isn't like a box of chocolates. It's more like a jar of jalapenos. What you do today, might burn your ass tomorrow.
    3. Re:I have already patched my entire network. by TheGreenLantern · · Score: 5, Funny

      While I'm sure this is technically true, some of us are responsible for networks that are slightly more complicated than an XBox, an HP Pavilion downloading porn and bootlegs 24-7, and an old P2 running Suse in our parents' basement.

      --

      It hurts when I pee.
  3. New title suggestion for this story by Kappelmeister · · Score: 4, Funny

    Developers: RPC DCOM Worm On The Loose

    Shouldn't that be:

    Developers, Developers, Developers, Developers, Developers, Developers, Developers, Developers, DEVELOPERS!, DEVELOPERS!, DEVELOPERS!, DEVELOPERS!, DEVELOPERS!: RPC DCOM Worm On The Loose

  4. I saw it happen LIVE! by __aaklbk2114 · · Score: 5, Funny

    I was working on my parents' computer (Windows XP) remotely today when this started happening. I was installing some new software for them and I had also just disabled that stupid Messenger service so they would stop getting those pop-up spam messages.

    Anyhow, I had just finished that when XP said it was shutting down in 30 seconds. I was like, WTF!

    Here I am thinking that I just screwed up their machine with the new apps somehow.

    Thanks a bunch, Billy. Guess they'll be punting this one to Longhorn :)

  5. go ME! by StevenHallman76 · · Score: 5, Funny

    Affected Software:

    * Microsoft Windows NT(R) 4.0
    * Microsoft Windows NT 4.0 Terminal Services Edition
    * Microsoft Windows 2000
    * Microsoft Windows XP
    * Microsoft Windows Server(TM) 2003

    Not Affected Software:

    * Microsoft Windows Millennium Edition


    finally! all these years of running Win ME have paid off! so long suckers!

    1. Re:go ME! by Sneftel · · Score: 4, Funny

      I'm afraid you stopped reading too soon. Here's the bit you missed:

      Sucks big fat sweaty donkey balls:

      * Microsoft Windows Millennium Edition

      --
      The opinions stated herein do not necessarily represent those of anybody at all. Deal with it.
  6. OMG by stephenry · · Score: 5, Funny

    OMG! It's not a worm, IT'S SKYNET! It's taking over! Make your time, judgement day is nigh!

  7. I'm safe by teamhasnoi · · Score: 4, Funny

    I've rolled a saving throw against remote infection and I have +3 Fireproof armor, however I am still vulnerable to hot wood elves.

    You did say this was an RPG worm, right?

  8. Re:Credit... by GnomeKing · · Score: 5, Funny

    At least Microsoft was nice enough to credit LSD in the tech note.

    Is that what they were taking when they wrote the code?

  9. Re:users being hit hard by TheRealFixer · · Score: 5, Funny

    Yeah, except the stolen car doesn't take off by itself in the middle of the night and start hitting every other car it sees.

  10. I'm not sure about removing it.... by TheBoostedBrain · · Score: 5, Funny

    Trend Micro says that this worm performs a DDoS to Windows Update Site, I'm not really sure about removing it...

    --
    -- When did Ignorance Become a Point of View?