MSBlaster Worm

q9
13th August 2003, 01:47 AM
If you don't have some sort of firewall software, then you probably won't be able to read this post or this:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html


Since getting on the net 30 minutes ago my firewall has logged 100+ hits from this worm alone! And they started immediately!!

Free firewall here:
http://www.zonelabs.com/store/content/home.jsp

or you can do what I did and buy Norton Internet Security which includes Norton Antivirus.

The more people that have firewalls, the less these things can spread.

Dean
13th August 2003, 10:01 AM
I got hit with this, but have since applied all the Windows updates and security patches to get rid of the problem... If you get a screen popup saying your computer has to be shut down in 60 seconds, don't wait, shut it down straight away and disconnect your internet connection (probably do this first). There is a 1.2 MB file you can download from Microsoft to fix this vulnerability in Windows XP.... but you gotta be able to get it and get it fast before the screen pops up again. If you are on broadband it's easy, if on dialup... hmm don't know..

Here is the direct link for the download security patch
http://microsoft.com/downloads/details.aspx?FamilyId=2354406C-C5B6-44AC-9532-3DE40F69C074&displaylang=en

Seahorse
23rd August 2003, 06:15 PM
Zone Alarm is a brilliant "Free" firewall...I have had it on my system for over 12 months and it has saved me from outside attacks on many occasions.

If you do not have a firewall installed....don't waste any time ....go to

http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?lid=pdb_za1

Unless you are a "Power Surfer" you will only require the "Vanilla" Zone Alarm (Free).....If you require more protection look at the upgraded models...but be assured Zone Alarm is more than adequate for us mere mortals

Be aware that it is a reasonable size download (3 Mb) but worth the time & effort.

Set up is quite easy...but do read the instructions, so that you understand what is going on...the first couple of days after installation are usually the worst as Zone Alarm won't let anything happen whilst on the net unless you confirm that all is OK...fortunately you have the option of allowing Zone Alarm to remember who you do and do not trust.

Seahorse

ozwinner
23rd August 2003, 07:08 PM
Hi all
I have had Norton stuff for over 3 years now, I often wonder if all these viruses are actually made by the virus protection ppl, to keep you and me buying their products? :eek:
Cheers, Allan

Seahorse
23rd August 2003, 07:43 PM
There is probably a fair element of truth in what you say.....have you noticed that whenever there is a new virus scare, that it doesn't take too long for one of the big Virus Software operators to get some free airtime on the local news....touting that if you have their software installed that you would be safe from the latest Virus...very convenient.

Personally I use a combination of a Virus Checker and a Firewall. My Virus checker of choice is NOD32....not very well known but extremely efficient....only today it saved me from 4 individual attacks from the latest "sobig" virus.

Be aware that no matter how reputable your Virus Checker software is..it is only as good as the latest database it is working with. You have to continually ensure that you have the very latest database installed to be completely protected...make sure your update settings are correct. My software immediately checks for new databases every time I log onto the net..then on the hour thereafter.

As stated in my previous post I also use Zone Alarm for my firewall...A Virus Checker alone will not save you from some of the creeps that prowl the net looking for opportunities to take control of your system...those using broadband are particularly easy prey.

If you think it isn't going to happen to you .....well you are living in dreamland...a year or so ago I thought I was safe just using a free virus checker alone...that was until some creep got into my system and actually locked my hard drive..yes "locked" it...the only way it can be unlocked is to use the same software the hacker used and know the code he keyed in...I have a funny feeling that even if I could find the "Mongrel" he would be unwilling to give me this information.!!!!

I now have a "DEAD" 20 Gig Western Digital Hard Drive sitting on my desk..reminding me to be ever vigilant.

Seahorse

q9
25th August 2003, 02:23 AM
I am confused - did they lock your file system, or the drive at firmware level?

If it is just the file system then a zero fill utility should fix it.

Theva
25th August 2003, 09:06 AM
Guys,

Ever wonder why this stuff only affects the latest version of Windows?

After the hassles I had with WindowsXP, I switched back to Win98SE. So far, no major problems.

Most of these new viruses including blasterworm do not affect Windows98 :D . There are some minor advantages in not being too up to date HEHE.

Have the latest VET though.



Regards,
Theva

Seahorse
26th August 2003, 04:29 PM
G'day q9..

By locked.. I mean that I had a program installed onto my system (unknown to me) which alerted the hackers to when I was online....they then ran some software that actually performed a hardware lock on my HDD. It beats me, but I guess they get some perverted fun out of doing this sort of thing.

The ability to lock the HDD is a function normally only required on Laptop computers, for security reasons due to their high theft rate. The function is usually not utilised on desktop systems but most HDDs are capable of being locked.

Evidently terrorist groups are quite keen on using laptops for this very reason....the CIA have several laptops captured in Afghanistan which even with their unlimited resources are unable to open.

The only way to unlock my HDD is to use the same software used to access the feature on my HDD and also have the security code used.....I figured it was cheaper just to buy a new HDD.

Seahorse

Sir Stinkalot
26th August 2003, 04:44 PM
Can you do a complete reformat? It will remove all of your data but you will at least get a 20Gb drive back .... and hey you have already lost your data from the sounds of things.

Seahorse
26th August 2003, 05:39 PM
Afraid not.....it is locked......and I do not have the key to the encryption....I have tried every possible thing to get access to it....made posts on lots of computer hardware Bulletin Boards etc..Western Digital won't respond to my requests for help....all their diagnostics say is that the HDD is locked....

It was only a 20 Gb drive and fortunately I had most of the important documents etc backed up to CD-Rom...to be honest with you it was cheaper to go to the local computer fair and purchase a new Western Digital 40Gb 100 ATA drive for $100.

I keep the old drive next to my monitor to remind me that you can never be too careful.......a hard lesson has been learnt, and for the life of me I still cannot figure out why the hackers singled me out for particular attention.

Seahorse

q9
26th August 2003, 05:42 PM
The only thing I can think of would be to try swapping the IC card on the drive...guys at my previous job did that with some success. Catch is you got to have the same type of drive spare...

Seahorse
26th August 2003, 05:53 PM
Will give it some thought .....I have 2, 40Gb WD HDDs...but am a bit nervous about breaking the warranty seals.............

q9
26th August 2003, 06:07 PM
Seen this?

http://www.binarybiz.com/hddrepair/supported-drives.php

Hmm..maybe not too useful after all...not sure...

Seahorse
26th August 2003, 06:19 PM
Thanks q9...I just took a look...interesting !!!!

Evidently I throw my Crook drive back into the system set up as the "Slave"......make sure I have the right settings and ports open (will check in with Zone Alarm).....I then log into their site ..request a "tech" and then I guess I have to put some money in the slot.

It is definitely worth looking into (their rates also)....but as I mentioned before HDD's are cheap as chips at the moment.

Appreciate all your help.....

Seahorse

q9
26th August 2003, 06:32 PM
Let me know if it works...

Seahorse
26th August 2003, 06:36 PM
Will do...thanks for your generous assistance

Seahorse