Slashdot Mirror


RPC DCOM Worm On The Loose

GPez writes "The first of I'm sure many RPC DCOM worms affecting Windows is on its way, according to the Internet Storm Center. Patch those systems!" According to the site, "The worm uses the RPC DCOM vulnerability [affects Win2k through Server 2003] to propagate. Once it finds a vulnerable system, it will spawn a shell on port 4444 and use it to download the actual worm via tftp."
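A detection sketch for the behaviour quoted above (a shell on port 4444, then a tftp download), added here as an example; it is not part of the original post or of ISC's tooling. The flow-record format, the sample records, and the 60-second correlation window are assumptions constructed for illustration.

```python
SHELL_PORT = 4444  # shell port named in the quoted ISC description
TFTP_PORT = 69     # standard TFTP port (UDP)
WINDOW = 60        # seconds; assumed correlation window

# Constructed sample flow records: epoch src sport dst dport proto
SAMPLE_FLOWS = """\
1060600000 10.0.5.20 1045 10.0.5.31 4444 tcp
1060600004 10.0.5.31 1030 10.0.5.20 69 udp
1060600100 10.0.5.44 1201 10.0.5.50 4444 tcp
1060600900 10.0.5.50 1033 10.0.9.9 69 udp
1060601000 10.0.5.60 1100 10.0.5.61 80 tcp
1060601005 10.0.5.61 1034 10.0.5.60 69 udp
"""

def parse_flows(text):
    """Yield (ts, src, dst, dport, proto); skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        ts, src, _sport, dst, dport, proto = parts
        try:
            yield int(ts), src, dst, int(dport), proto.lower()
        except ValueError:
            continue

def find_suspect_hosts(text, window=WINDOW):
    """Flag hosts that accept a connection on TCP 4444 and then
    start an outbound TFTP transfer within `window` seconds."""
    shell_seen = {}  # host -> [(ts, peer that connected to 4444)]
    hits = []
    for ts, src, dst, dport, proto in sorted(parse_flows(text)):
        if proto == "tcp" and dport == SHELL_PORT:
            shell_seen.setdefault(dst, []).append((ts, src))
        elif proto == "udp" and dport == TFTP_PORT:
            for shell_ts, peer in shell_seen.get(src, ()):
                if 0 <= ts - shell_ts <= window:
                    hits.append({"host": src, "shell_peer": peer,
                                 "tftp_server": dst,
                                 "delay": ts - shell_ts})
    return hits

if __name__ == "__main__":
    for hit in find_suspect_hosts(SAMPLE_FLOWS):
        print(hit)
```

Either event alone is weak evidence; the pairing on one host inside a short window is what makes the alert worth triaging.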

3 of 604 comments

  1. Re:users being hit hard by Sorthum · Score: 5, Interesting

    Are the calls mostly centered around actual problems, or is it users doing their famous "I heard about the RPC bug, and now my computer won't boot!" routine? When Code Red came out, for instance, we saw everything from bad disks to dialup issues being blamed on it, solely because people didn't listen to anything past "the world is calling" chicken-littleisms.

  2. Slashdot saves my girlfriend! by brandonY · Score: 5, Interesting

    My girlfriend called me not 20 minutes before this article went up asking what RPC was and why it was shutting her computer down whenever she got on the Internet. A quick glance at this article's headline followed by a thorough read of Symantec's removal instructions led to me calling her back and another day saved! Thanks, Slashdot! Thanks, Symantec Security Response Team!

  3. Re:On the way? by Sethb · Score: 5, Interesting

    You want to know what a real University setting is like? I've worked at 2 of the 3 state Universities here, and generally it's a mishmash of 20% Win95, 40% Win98, 20% Win2000, and 20% Windows XP machines, none of which authenticate to a domain, administered by someone who started working there as a student, but was kept on after graduation because they were cheap labor.

    Patches? Well the user should take care of that, right? After all, they've got Internet Explorer, they can surely remember to visit WindowsUpdate and get patches on their own.

    Oh, AntiVirus definitions? Well, our software doesn't update those automatically, you've got to click the icon and push update every month or so, but the users can do that.

    None of the above is hyperbole, and these were actually the standard practices as recently as 18 months ago.

    Heck, doing testing? That'd require a SECOND computer for each technician! That'd cost money! We can't afford to buy TWO computers for one person, we're already splurging on 1 IT person per 500 computers! Oh, and we gave you 1 student who's slightly above minimum wage too. What more do you want?

    --
    When in danger or in doubt, run in circles, scream and shout. --Robert A. Heinlein