New Microsoft virus in the wild with no patch to fix

Discussion in 'Current Events' started by peterjhill, Oct 10, 2003.

  1. peterjhill macrumors 65816

    Joined:
    Apr 25, 2002
    Location:
    Seattle, WA
    #1
    It looks like Microsoft needs to go back and look at their code again. There is a new virus in the wild that is exploiting port 135. Security people have yet another reason to be upset at the Redmond giant.

    As seen on full disclosure:
    From: "3APA3A" <3APA3A@SECURITY.NNOV.RU>
    To: <bugtraq@securityfocus.com>; <full-disclosure@lists.netsys.com>;
    <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>
    Cc: <Secure@microsoft.com>
    Sent: Friday, October 10, 2003 6:48 PM
    Subject: Bad news on RPC DCOM vulnerability


    Dear bugtraq@securityfocus.com,

    There are a few pieces of bad news on the RPC DCOM vulnerability:

    1. Universal exploit for MS03-039 exists in-the-wild, PINK FLOYD is
    again actual.
    2. It was reported by the exploit author (and confirmed) that Windows XP SP1
    with all security fixes installed is still vulnerable to a variant of the
    same bug. Windows 2000/2003 was not tested. For a while only a DoS exploit
    exists, but code execution is probably possible. Technical details are
    sent to Microsoft, waiting for confirmation.

    Dear ISPs. Please instruct your customers to use personal fireWALL in
    Windows XP.
     
  2. baby duck monge macrumors 68000

    Joined:
    Feb 16, 2003
    Location:
    Memphis, TN
    #2
    oh good. another one. any word on what this actually does, or what we can expect as far as spreading goes?
     
  3. Rower_CPU Moderator emeritus

    Joined:
    Oct 5, 2001
    Location:
    San Diego, CA
    #3
    Great...just when my campus was finally starting to clean up all the machines infected by Nachi.

    Hopefully the antivirus companies can nab this one in the meantime.
     
  4. applemacdude macrumors 68040

    Joined:
    Mar 26, 2001
    Location:
    Over The Rainbow
    #4
    My whole school just got a virus, all of them...they shut down once you turn them on ...bs...

    at my ms we never got a virus with the little bondi imacs we had
    go to hs and use those compaqs and you get a whole ******** of viruses...they don't even have a good firewall which they could use to protect themselves from all the student hackers and viruses :mad: :rolleyes:
     
  5. Java macrumors regular

    Joined:
    Jan 13, 2003
    Location:
    Marin County (where else?)
    #5
    get out the popcorn

    Starts to play, "Another one bites the dust" by Queen. Ohh, that could be the MS theme song for their next OS. (Remember when they used, "Start Me Up" by the Stones?)
     
  6. yamabushi macrumors 65816

    Joined:
    Oct 6, 2003
    #6
    I don't understand why Microsoft didn't enable the firewall in Windows XP by default. Each user has to actually turn the thing on. I have noticed that it sometimes manages to spontaneously turn itself off. Of course most of the millions of users of older versions of Windows don't have a software firewall at all. Scary thing is that the same thing goes for most users of older Macs. The default settings in OSX tend to be much more secure.
     
  7. GeeYouEye macrumors 68000

    Joined:
    Dec 9, 2001
    Location:
    State of Denial
    #7
    OTOH, the classic Mac OS was unhackable; someone offered $10,000 to anyone who could hack a Mac OS based server on the web, and no one ever succeeded.

    BTW, I believe that this particular bug uses a very similar exploit to Slammer. Any machines with port 135 closed should be good against this.
     
  8. peterjhill thread starter macrumors 65816

    Joined:
    Apr 25, 2002
    Location:
    Seattle, WA
    #8
    Slammer targeted SQL, port 1433 and port 1434. It is very difficult to close port 135, as there are a number of Windows processes that listen on that port. Host-based firewalls are probably the best bet.

    Blaster and Welchia were two big port 135 viruses this summer.
     
