Slashdot Mirror


RPC DCOM Worm On The Loose

GPez writes "The first of I'm sure many RPC DCOM worms affecting Windows is on its way, according to the Internet Storm Center. Patch those systems!" According to the site, "The worm uses the RPC DCOM vulnerability [affects Win2k through Server 2003] to propagate. Once it finds a vulnerable system, it will spawn a shell on port 4444 and use it to download the actual worm via tftp."

10 of 604 comments (clear)

  1. Great by mjmalone · · Score: 5, Funny

    The security team at my office has been scrambleing to secure all of our systems before such a worm was developed. I hope they are done!

    Will blocking port 135 at the router stop this worm? Seems like a simple solution for the short term. I would like to see the source for the worm, does anybody have it?

    1. Re:Great by rylin · · Score: 5, Funny

      I have a copy! You can fetch from 212.192.128.76:4444 ;)

  2. I saw it happen LIVE! by __aaklbk2114 · · Score: 5, Funny

    I was working on my parents compter (Windows XP) remotely today when this started happening. I was installing some new software for them and I had also just disabled that stupid Messenger service so they would stop getting those pop-up spam messages.

    Anyhow, I had just finished that when XP said it was shutting down in 30 seconds. I was like, WTF!

    Here I am thinking that I just screwed up their machine with the new apps somehow.

    Thanks a bunch, Billy. Guess they'll be punting this one to Longhorn :)

  3. go ME! by StevenHallman76 · · Score: 5, Funny

    Affected Software:

    * Microsoft Windows NT(R) 4.0
    * Microsoft Windows NT 4.0 Terminal Services Edition
    * Microsoft Windows 2000
    * Microsoft Windows XP
    * Microsoft Windows Server(TM) 2003

    Not Affected Software:

    * Microsoft Windows Millennium Edition


    finally! all these years of running Win ME have paid off! so long suckers!

  4. OMG by stephenry · · Score: 5, Funny

    OMG! It's not a worm, ITS SKYNET! It's taking over! Make your time, judgement day is nigh!

  5. Re:I have already patched my entire network. by Anonymous Coward · · Score: 5, Funny

    It's called Linux. It's protected me from Nimda, Code Red, etc...

  6. Re:I have already patched my entire network. by TheGreenLantern · · Score: 5, Funny

    While I'm sure this is technically true, some of us are responsible for networks that are slightly more complicated than an XBox, an HP Pavilion downloading porn and bootlegs 24-7, and an old P2 running Suse in our parents basement.

    --

    It hurts when I pee.
  7. Re:Credit... by GnomeKing · · Score: 5, Funny

    At least Microsoft was nice enough to credit LSD in the tech note.

    Is that what they were taking when they wrote the code?

  8. Re:users being hit hard by TheRealFixer · · Score: 5, Funny

    Yeah, except the stolen car doesn't take off by itself in the middle of the night and start hitting every other car it sees.

  9. I'm not sure about removing it.... by TheBoostedBrain · · Score: 5, Funny

    Trend Micro says that this worm performs a DDoS to Windows Update Site, I'm not really sure about removing it...

    --
    -- When did Ignorance Become a Point of View?