Win32 Blaster Worm is on the Rise
EvilNight writes "You know you've got it when a 60 second shutdown timer pops up on your screen. The virus uses the RPC vulnerability. It looks like it's reaching critical mass today. Luckily, it's an easy one to stop: Download this security update. Once you've installed that patch, go here and download the removal tool."
Update: 08/12 19:19 GMT by M : Security bulletin URL corrected.
Shouldn't the "Removal Tool" link point to a Linux ISO download site or something? I mean, this is slashdot... :-)
DOOM-DOOM-DOOM-DOOM DOOM * PANG*
At 10:06 AM, August 12th, 2003, Skynet launched dah Win32 Blaster Wahm. It quickly seized contrahl of ahh computers on the Net and forced a mahndatory reboot.
OK this is getting old.....
fdisk :)
format
install FreeBSD or keep your copy of Winders up to date.
>Why he hadn't fixed it already is a mystery, especially since slashdot.org is his homepage.
/. makes you smart? Apparently, you never read comments below 5.
You actually believe that reading
If this thing wouldn't keep crashing computers, it would be spreading like greased wildfire.
not patching your Windows machine... that's a paddling!
not using a firewall... that's a paddling!
not using Linux as you should be... you better believe that's a paddling!
Apparently, you never read comments below 5.
;)
In some cases even THAT doesn't mean you'll see smart comments
(hell, look at MY 5 point comments sometime lol)
Join the TWIT army now!
Can anyone be so kind to take this worm (since I already patched my system) and change windowsupdate.com to something more interesting like
sco.com
riaa.org
Thank you
I work at an ISP, and over half of our tech support calls yesterday were because of this worm. You wouldn't believe the number of people who thought we were somehow going into their computer and not only kicking them off the internet, but rebooting their computers. (Yes, sir, the tech support staff feels horribly underworked today, so we thought we'd make things more exciting and pi** off a few customers in the process.) I hope they find the person involved and perform medical experiments on him.
This tagline is copyrighted material. Please send $10 for an affordable replacement.
Then try, really, really hard to stop laughing...
Cheers,
Ian
Have fun patching, windows lusers. Maybe linux isn't ready for the desktop, but this goes to show that windows isn't ready for the Internet.
Man, it's almost as bad as that Teddy Bear virus *cough*
or maybe the machine reboots every 60s
My wife calls me upstairs last night.."The machine keeps shutting down".. Me: "what" *looks at task manager* Task Manager: msblast.exe Me: "Why isn't the firewall turned on?" Wife: "I Hate having to answer all of its questions, so I turned it off." Me: AAAARRRGGGHHH
Something similar happened to me yesterday. A friend of mine IMed me saying his computer kept saying it had 60 seconds to reboot, and something about RPC crashing. So I responded with a screenshot of dir c:\ running on his machine.
Moral of the story: I'm an asshole.
(For the record, I then told him where to get the patch, and how to cancel a running shutdown.)
Pain lasts, kid. It's how you know you're alive. Sometimes I think this growing up thing is just pain management-TheMaxx
I welcome our new Skynet Overlords.
Oh, come on, people. He threw you a bone for fuck's sake. Linux 7.2? Sheesh!
A nasty worm is quickly spreading across the internet forcing about 90 percent of the connected computers to become inoperable. Thousands of phones are ringing at IT desks all over the world. On the other ends of those phones are screaming, panicky users crying because their computers won't work. Management is calling because now you're the bottleneck causing inefficiency in the team, and you might need to start looking for a new job if this isn't taken care of. And then you trip over a network cable.
I think getting hammered is the best thing to do right now.
'You'd think every hotmail account would get a message saying "Plug that hole" from whoever it is that runs hotmail.'
Actually, in my hotmail spam repository account I already do get tons of messages saying things like that. But, I don't think they're talking about computer security. =)
Yup. Until Micro$oft issues a patch which breaks something else. Then some part of your server dies.
Wait... This is Micro$oft we are talking about. They would NEVER release a patch with bad side-effects. They test all of their stuff extensively before releasing.
"-1 Troll" is apparently the same as "-1 I disagree with you."
It is Windows XP being retarded. Don't second-guess yourself!
Supposedly, if they don't fix it by this weekend, all the infected boxes are going to attack Microsoft's website all at once.
:)
So in my opinion.... Don't patch it
ChiefArcher
The half dozen smart windows users aren't the problem, it's the rest of 'em.
IE is not a core part of the core Linux operating system no matter what you've heard.
You actually believe that reading /. makes you smart?
Yeah, what do you think this is, a Holiday Inn Express or something?
What part of "shall not be infringed" is so hard to understand?
My Grandma is definitely a keeper. She wouldn't touch a computer. She just found out there's this thing called "cable" for your TV...although she's not very fond of it.
For once using Windows ME pays off!
Do you like BSODs?!? Don't you wish you could leave the server room for 5 minutes?!? Aren't you sick of data corruption??!
I wrote Win32 Blaster, and since installing it on our server, we haven't had any of these problems that plague Windows boxes around the world.
Being the nice guy that I am, I wrote some "Automatic Update" code, and fixed all your machines. And you call it a virus and complain about it.
I'm not helping you anymore... fix your own damned problems.
-1 Uncomfortable Truth
Download this security update.
Where's the Linux version ?
:wq
... Ian?
I swear, even here in Dallas TX, I've met four different British techno geeks recently and all four of them are all named Ian.
I guess I should be thankful, they aren't all named Bruce instead.
Exactly! It's pretty easy, actually:
If that doesn't work, just send an email to support@microsoft.com
your_girlfriend.exe
Too bad that this "check daily, patch, reboot" procedures never get mentioned in any MS-paid TCO-analysis.
Yeppers. I was waiting for a 'Road Warrior' to return (I consult on Friday afternoons only) so I could update his laptop. Upon seeing the news this morning, I sent him an email with instructions (crossing fingers!) on how to use Windows Update.
He called me about his system strangely rebooting before he even read my email. :(
"I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatantly stolen sig)
Don't get overexcited. To most normal people, computer==windows and vice versa
That is correct. Just like in that movie Demolition Man where, in the future, the only restaurants that exist are all Taco Bells, all computers are already now Windows.
What's a port?
Do I have any?
How can I check?
A place where ships are safe from storms. See also 'port of entry'.
You have an output port on your behind.
Do yoga.
--Lawrence Lessig for Congress!
Somebody wasn't administering Windows-based networks back in 1999-2000. Ah, the heady days of damaging Office macros...
Microsoft Developer 1: Hey, Fred, let's include in our Office suite a macro development environment that can access the entire OS's API!
Microsoft Developer 2: Good idea, Jim, I'll get working on it. This should ensure that even the ditzy office manager can easily create executables that will take down the entire network!
All's true that is mistrusted
From the Microsoft security bulletin on the vulnerability:
"This vulnerability only permits a denial of service attack and does not provide an attacker with the ability to modify or retrieve data on the remote machine."
That said, none of my machines have been infucted
Was that a deliberate misspelling? =)
Please consider making an automatic monthly recurring donation to the EFF
Stop the Slashdot effect! Don't read the articles!
I may be wrong.
Where's the "test, test, test" part?
Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
It pops up, partially covering part of the system tray and a bit of the desktop.
It has a fucking annoying 'pooaaAAHP!' sound.
It takes up an icon in the system tray. I hate icons in the system tray. Makes me look like a loser who has too many 'Banzai Buddy' programs installed.
And after getting hit by this worm, I am now going to turn it back on on my home XP install. : )
no thanks
What do you mean? They obviously did it to protect their customers from getting the virus!
Yeah, that's the ticket...
Monitoring slashdot...I need to remember that phrase if I ever get reprimanded for excessive internet activity...
Seriously, though, I, for one, thank you on the behalf of all us little peon users for testing before patching. I swear, the next time the sysadmin comes around and installs something on my computer that means I have to spend hours fixing my computer before I can do any more of my real work, I'm gonna kick him in the shins...
Denver Isuzu Suzuki
Perhaps he was meaning to suggest using a wireless access point. That way there is no physical medium for the virus to travel over.
I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit
i'd like to see you download the patch in under 60 seconds, and without a tinfoil beanie
I never said I was smart, I just said I was smarter than you
Unplug Internet connection
Download patches from the Internet
Set up firewall
Plug in Internet connection
Is it only me seeing a problem here? Exactly HOW do you download anything when you're unplugged?
How do I uninstall the security patch?
Unless the virus becomes airborne, in which case I'm covering my box with surgical masks and insulating blankets.
Looks like my computer is suffering from a high fever now. I'll give it plenty of fluids and some bedrest.
Don't worry, I know your problem.. You put the wrong boot disk in.. The one you want is the CD that says LINUX, not Microsoft Windows XP. If that doesn't work.. Open up your case and find the worm.. They are a brownish colour, some are a couple inches long.. good luck!
/. all you hear is LINUX LINUX LINUX. All over CNET and TechTV all you hear is LINUX LINUX LINUX.
Screw you guys and your Monopoly. I'm switching to Windows, The Alternative OS.
Hell no. All over
do() || do_not();
Does the worm work with Wine?
Litigious bastards
http://www.linuxiso.com/p p/2680 :-)
http://www.bebits.com/a
http://www.qnx.com/
Let it spread freely! On August 16 I'll be trying to run it under Wine to see if I can be of some help.
- Please, ignore everything written above.
Right. You still see the "editor's" comments in the article itself.
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
Anyone who says that "Linux isn't ready for your Grandma" or whatever, should be forced to do community service for a week fixing this crap.
Fine with me, so long as you're ready to help my grandparents (and parents, and uncles, and..) install and setup Linux!
If you're one of the people that uses Linux as an excuse to not help people with Windows, guess what, you *don't* want normal people moving to Linux! You will suddenly be the tech support go-to guy again. Except this time you'll have to explain how to setup IPTables. Good luck!
This bug doesn't change the fact that Linux isn't ready for our grandparents.
Give Win32 Blaster a try. It shuts down the firewall, and more. Or so I've been led to believe.
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
Bob McKenzie: Fleshy headed mutant, are you friendly?
Doug McKenzie (As the fleshy headed mutant): No way, eh! Ra-radiation has made me an enemy of civilization!
Sorry to whore this out here, but has anyone actually looked at the patch? I mean, this affects a rather important part of the Windows operating system. RPC is used for interprocess communication, named pipes, etc. Couldn't the CIA or something put a bug in it that will forward everything you cut and paste, type, send, etc. to some other entity? And what better way to get the masses to install it than a little worm to exploit a hole they purposely left open?
Furthermore, Microsoft paid out $520M only yesterday due to patent infringement with a component in MSIE.
I mean, I'm all patched up, so I know I'm safe but.. oh shit.. the shutdown timer just popped up! Microsoft must be reading what I'm typing. If only I can do this thing quick enough. OH FUCK I have to wait 20 seconds from the time I hit the reply button til when I press submit and it's getting down near 1 nowwwww
Cool! Amazing Toys.
Security experts have been saying for years that the security of the Windows family of products is hopelessly inadequate. Now there is a rigorous government certification confirming this.
(Originally taken from rec.humor.funny).
"Prepare for the worst - hope for the best."
Once I saw the messages saying "Pardon me while I inspect your system...
Then some dialog box popped up with some message about third party blah blah blah.
I came to my senses. Wait just a darn minute. I have not seen the effects of this worm/virus.
So I killed the process. Bring on the RPC crap - it has to be a lot better than Bill drilling any deeper into my vanilla laptop used only for browsing the web.
Whew - dodged another one...
Windows & security - the double bind theory of computing.
Yes, it does work quite well with wine, as confirmed by tcpdump. I will be sure to have it running this weekend just in case the rumors are true. I mean, sure I could just reverse engineer it, but that's just not as fun as running it an entire weekend and watching all the IPs of recently infected users go by in my tcpdump output. BTW, anyone in the 85.221.22.* IP block running an unpatched NT derivative, sorry, but I had to test it.