Win32 Blaster Worm is on the Rise
EvilNight writes "You know you've got it when a 60 second shutdown timer pops up on your screen. The virus uses the RPC vulnerability. It looks like it's reaching critical mass today. Luckily, it's an easy one to stop: Download this security update. Once you've installed that patch, go here and download the removal tool."
Update: 08/12 19:19 GMT by M: Security bulletin URL corrected.
McAfee has a removal tool that works well and detects 28 other trojans/worms/virii too. If I remembered the name I'd let you know ;)
That title was intended to be sarcasm, by the way.
(Better yet)
To whom it may concern:
Why aren't you blocking stupid useless open ports from the Internet? There are freely available tools if you insist on running Windows. Then again, most electronics stores sell standalone broadband firewall/routers. If you used one of those, you could take your time and patch whenever you feel like it...
I tell all those in my circle of influence: never connect to the Internet without a firewall in place. It makes no difference what your host OS is. At the least, you should be running a host-based firewall like Zone Alarm or ipchains/ipfilter/etc. Even better is a standalone box that does nothing but firewall. It's just prudence...even on a simple home PC or LAN.
1. Ctrl + Alt + Delete on Windows XP and kill the msblast.exe process.
2. Open Windows Explorer, go to the C:\Windows\System32 folder and delete the msblast.exe program.
3. Start > Run > Regedit. Hit Edit then Find and type in msblast and remove the key in your registry.
4. Reboot.
5. Install the patch (Why didn't you do this during the month before you were hit with this poorly coded POS?)
6. Virus scan. Free online virus scan at http://housecall.antivirus.com.
Real simple folks.
It's ironic. SCO has to spend big dollars on high priced legal help to spread FUD. Microsoft simply has to hire cheap, fresh-out-of-college programmers to write lazy code that lacks input boundary checking :-)
I can't agree more. I personally have received 5 messages from our company's IT department commanding employees to install the patch on all computers. That doesn't include all the constant news concerning this vulnerability.
Anyone else received a bazillion notes from the IT department to patch systems?
How are you supposed to get all the patches with the network cable unplugged?
You get all the patches on a CD: downloaded and burnt using a computer that's behind a firewall or ordered from Microsoft and delivered via snailmail.
BOO! TERRO
Since this thing works by hitting the RPC services on port 135 and sometimes 4444, this means that he had no firewall at all. What kind of idiot doesn't use any firewall? ESPECIALLY on a Windows box...
Sigh. Some people are just ASKING to get hacked.