Guest zerodamage August 14, 2003 Share Guest zerodamage Guests August 14, 2003 There are now 2 copycats on the net right now, basically the same thing as msblast but with different names and messages. I know of one copycat for sure. Teekids.exe I know of for sure. Link to comment Share on other sites More sharing options...
dwEEziL August 14, 2003 Share dwEEziL Member August 14, 2003 I have heard of at least 4 variants, 3 of which (as of this afternoon) are detected by the lastest NAV VDF (virus definition file). The Teekids.exe was the one that WAS NOT detected. Again, if you have not patched your computer yet, do so. Also, if your computer IS patched but you don't remember doing it, you might look around for suspicious activity because some of the variants will actually infect you THEN patch it so that some other hacker doesn't steal the box. Link to comment Share on other sites More sharing options...
dwEEziL August 14, 2003 Share dwEEziL Member August 14, 2003 (edited) Another new variant...and this one leaves a backdoor. "Another Blaster variant - this one leaves a backdoor open: "5. Uses Cmd.exe to create a hidden remote shell process that will listen on TCP port 4444, allowing an attacker to issue remote commands on an infected system." You get hit by this one, you can't just disinfect and go on with your life - you have to examine the possibility that somebody did something with that shell.... http://securityresponse.symantec.com/avcen...worm.html" Link fixed Edited August 15, 2003 by dwEEziL Link to comment Share on other sites More sharing options...
Guest zerodamage August 15, 2003 Share Guest zerodamage Guests August 15, 2003 Your link is broken Dweez. ON the top here is all 5 current variants included the trojan packed with one of them. http://securityresponse.symantec.com Link to comment Share on other sites More sharing options...
Guest Inferno August 15, 2003 Share Guest Inferno Guests August 15, 2003 how can i check to see if my system is being attacked? Link to comment Share on other sites More sharing options...
Guest zerodamage August 15, 2003 Share Guest zerodamage Guests August 15, 2003 Do you have a firewall of some sort or another? Link to comment Share on other sites More sharing options...
Guest Inferno August 15, 2003 Share Guest Inferno Guests August 15, 2003 prolly... Link to comment Share on other sites More sharing options...
Watchtower August 15, 2003 Share Watchtower Member August 15, 2003 My 135 is "stealth" Link to comment Share on other sites More sharing options...
dwEEziL August 15, 2003 Share dwEEziL Member August 15, 2003 There are a couple of utilities available to check if you are vulnerable. The only problem is of the 2 I can recall right now, both give false posivitives and negatives. Also, some of the variants of the worm actually patch the machine after infecting it so even though your machine shows as not vulnerable, if you can't remember patching it, be suspicious. MS Scanning tool eEye Vulnerability tool Link to comment Share on other sites More sharing options...
Slaphappy August 15, 2003 Share Slaphappy Member August 15, 2003 Do not put it on TCP on only, put on BOTH. umm both is not an option I have TCP, UDP, ICMP, and * what do I put it on? Link to comment Share on other sites More sharing options...
bullet-401 August 18, 2003 Share bullet-401 Member August 18, 2003 A couple people got blaster at the lan. I think it was Longhair and someone else. Link to comment Share on other sites More sharing options...
Guest zerodamage August 18, 2003 Share Guest zerodamage Guests August 18, 2003 Do not put it on TCP on only, put on BOTH. umm both is not an option I have TCP, UDP, ICMP, and * what do I put it on? * means all. Use that. Link to comment Share on other sites More sharing options...
Slaphappy August 18, 2003 Share Slaphappy Member August 18, 2003 sweet thats what I chose... Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now