The Worm is attacking!


Guest zerodamage

There are now 2 copycats on the net right now, basically the same thing as msblast but with different names and messages. I know of one copycat for sure. Teekids.exe I know of for sure.


I have heard of at least 4 variants, 3 of which (as of this afternoon) are detected by the latest NAV VDF (virus definition file). The Teekids.exe was the one that WAS NOT detected.

 

Again, if you have not patched your computer yet, do so. Also, if your computer IS patched but you don't remember doing it, you might look around for suspicious activity because some of the variants will actually infect you THEN patch it so that some other hacker doesn't steal the box.


Another new variant...and this one leaves a backdoor.

 

"Another Blaster variant - this one leaves a backdoor open:

"5. Uses Cmd.exe to create a hidden remote shell process that will listen on TCP port 4444, allowing an attacker to issue remote commands on an infected system."

You get hit by this one, you can't just disinfect and go on with your life - you have to examine the possibility that somebody did something with that shell....

http://securityresponse.symantec.com/avcen...worm.html"

 

Link fixed

Edited by dwEEziL
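
An added example, not part of the original posts or of any tool named in this thread: a Python check for the backdoor described in the quoted advisory, which also distinguishes a shell that is merely listening from one that somebody has connected to. The `netstat -ano` and `tasklist /fo csv /nh` samples are constructed, and the function names and the name-prefix match on msblast/Teekids are assumptions for illustration.

```python
import csv
import io

BACKDOOR_PORT = 4444                    # TCP port named in the quoted advisory
SUSPECT_NAMES = ("msblast", "teekids")  # names mentioned in this thread (prefix match)

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       1432
  TCP    10.0.0.5:1061          10.0.0.9:44440         ESTABLISHED     1500
  TCP    10.0.0.5:4444          10.0.0.77:3120         ESTABLISHED     1432
  UDP    0.0.0.0:4444           *:*                                    900
"""

# Constructed sample of `tasklist /fo csv /nh` output.
SAMPLE_TASKLIST = '''\
"svchost.exe","884","Console","0","3,120 K"
"cmd.exe","1432","Console","0","1,044 K"
"Teekids.exe","1500","Console","0","6,020 K"
'''

def parse_netstat(text):
    """Yield (local_port, remote, state, pid) for each TCP row; UDP rows are skipped."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            port = int(f[1].rsplit(":", 1)[1])  # rsplit also copes with [::]:4444
            yield port, f[2], f[3], int(f[4])

def backdoor_findings(netstat_text, tasklist_text):
    """Return (state, remote, pid, image) for every TCP socket on local port 4444."""
    names = {int(r[1]): r[0]
             for r in csv.reader(io.StringIO(tasklist_text)) if r}
    return [(state, remote, pid, names.get(pid, "?"))
            for port, remote, state, pid in parse_netstat(netstat_text)
            if port == BACKDOOR_PORT and state in ("LISTENING", "ESTABLISHED")]

def suspect_processes(tasklist_text):
    """Return image names that start with a name mentioned in the thread."""
    return [r[0] for r in csv.reader(io.StringIO(tasklist_text))
            if r and r[0].lower().startswith(SUSPECT_NAMES)]

if __name__ == "__main__":
    for finding in backdoor_findings(SAMPLE_NETSTAT, SAMPLE_TASKLIST):
        print("port 4444:", finding)
    print("suspect images:", suspect_processes(SAMPLE_TASKLIST))
```

An ESTABLISHED row on local port 4444 is the case the post warns about: the shell was not just opened, a remote address was connected to it, so the remote endpoint and time of capture are worth recording before cleanup.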

Guest Inferno

How can I check to see if my system is being attacked?


Guest zerodamage

Do you have a firewall of some sort or another?


There are a couple of utilities available to check if you are vulnerable. The only problem is of the 2 I can recall right now, both give false positives and negatives. Also, some of the variants of the worm actually patch the machine after infecting it so even though your machine shows as not vulnerable, if you can't remember patching it, be suspicious.

 

MS Scanning tool

 

eEye Vulnerability tool


Guest zerodamage

Do not put it on TCP only, put on BOTH.

Umm, both is not an option. I have TCP, UDP, ICMP, and *. What do I put it on?

* means all. Use that.
