Slashdot Mirror
RPC DCOM Worm On The Loose
GPez writes "The first of I'm sure many RPC DCOM worms affecting Windows is on its way, according to the Internet Storm Center. Patch those systems!" According to the site, "The worm uses the RPC DCOM vulnerability [affects Win2k through Server 2003] to propagate. Once it finds a vulnerable system, it will spawn a shell on port 4444 and use it to download the actual worm via tftp."
no need to reboot any time soon for that old windows 98 part since Im a linux junkie by now hehehe
I believe the correct like is 207.44.202.162
Karma: The shiznight, mostly because I am the Drizzle.
Even better, a Linux server on a firewall. Running Gentoo Linux. My box is tighter than a nervous virgin on prom night. Erm.. ^.^;;
Anyone that runs an M$ Windows system naked to the Internet is a fool! This is only the latest, certainly not the last, in a long line of vulnerabilities from M$.
Wise up. Lock your M$ systems behind a firewall, ban Outlook and IIS forever OR be prepared to spend the rest of your life testing and installing patches to TRY and keep them hackers out!
so you never set your system policies to prevent the downloading of certain file types then??? More fool you.
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
perhaps it's time to get a real operating system and quit playing with insecure toys.
You do realize everyone who had Automatic Updates on weren't affected by anything, and you people who didn't patch were, right? Sounds like you're being entirely pointless.
"Sufferin' succotash."
Find shutdown.exe in the system32 folder in your windows folder and rename it to shutdown.bak Problem solved, without any patches!
Once it finds a vulnerable system, it will spawn a shell on port 4444 and use it to download the actual worm via tftp.
HAHAHA!!! You bought it, you deal with it, suckers!
Healthcare article at Kuro5hin