The FBI yesterday joined the hunt for the source of an Internet worm that was estimated to have infected more than 250,000 computers this week. As users patched the holes that made their computers vulnerable, it became clear that electronic attacks target both the humble and the mighty. Home users were believed to be most affected, but on Tuesday the "Blaster" worm reached into a dozen computers in the U.S. Senate and caused the Federal Reserve Bank of Atlanta to shut down most of its computer system. The worm interrupted work for two days at CBS in New York. Nearly half the 250,000 infected computers are in the United States, said Alfred Huger, senior director of engineering at Symantec Corp., a security software company. Huger said the number of new infections has dropped nearly 50 percent since the worm's peak Tuesday morning, but that new, more invasive versions of the worm will probably emerge. "It's very likely that in short order we'll see revisions of the worm that are faster, more efficient and more destructive," Huger said. Internet security experts already have detected at least two new versions of the worm, but the changes are minor. The FBI's cyber division is trying to identify the source and author of the worm, said spokesman Bill Murray. Officials from the Department of Homeland Security are participating in the inquiry. Murray declined to say whether the FBI had any leads.
Updated and get a firewall...... Our network here at work got hit by it very minimal... and that was because some of the people with laptops brought it in on their laptops (connected to the internet at home and then logged into our network)...... Didn't stop us here. We sniffed out the 7 laptops and pulled them off the network. Pulled that bad boy blaster.exe off of them and all is good......
Were you guys who got it and were patched on home lans? Did you have all your unneeded services turned off? Did you have firewalls and AV programs running? Just wondering what the common factors are in getting the attack when you are on an updated system.
Yes, Home LAN, Patched - I'm very serious about keeping things up to date via Windows Update, VS Updated, Behind a Router, Connected by Comcast Cable. I had also turned off Services via the Tweak Guide provided elsewhere....in order for games to play better. It would be interesting to see how many other Comcast customers were affected. Here's what's interesting: Right after reformatting the HD and getting XP back up and running, the very first thing I had to deal with was MSBlaster again. That was before I could even connect to Windows Update and get any of the patches or updates. So, I'm thinking that it somehow survived the reformatting.
It most likely was the 'quick' one as that's what the Seagate CD did. So, yes, it likely left remnants on the HD. So far, after all of this, things seem to be back to normal.....if there is such a state.
I was fortunate and was not infected, but for anyone that was, or may be in the future with new revisions of this worm, you may want to download the newest version of Ad-Aware 6.0 that has a new reference file and remedial solutions to this latest virus.
Windows Updates don't mean crap. It was because of an error in a previous Windows update that this virus infected everyone. That's what I read several places.
I beg to differ- I was updated and it didn't touch me- My firewall wasn't on either, and neither was auto protect or script blocking- So what protected me- and why did everyone I know get it? And the only difference was that I was fully updated and they weren't. Hmmm
I for one can say my firewall kept my a$$ safe.... as for my firewall.... it is getting a good workout but it is holding strong and true. Out of all the reading I have been doing there are 2 things you need to have on your system to be safe. One is the patch and the other is DirectX 9b. We found that out here at work doing some research. Yea I know you are probably saying "DirectX 9b??" Yep it patches one of the system holes this thing plows through. I find it funny a lot of sites have not mentioned this but one of our security people found a thing on it. Having these 2 patches DOES NOT mean you will not get infected in the next wave!! Get a firewall up! Even Dial-up people are vulnerable to this. Here are the ports they now recommend keeping closed: 69/UDP, 135/TCP, 135/UDP, 139/TCP, 139/UDP, 445/TCP, 445/UDP, 4444/TCP. One of the new variants is now called "teekids.exe" and there are several more expected to be hitting soon. As for those of you on ComCast, here is something for you.... "In addition to causing major headaches for users and IT staffs, Blaster is also being blamed for some service problems on Comcast Corp.'s cable modem network. Several Comcast customers said their service had been down for extended periods during the last couple of days and that Comcast officials said Blaster was to blame." Get those systems patched and for your sanity, get a firewall up!!!
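The port list in the post above can be checked against a machine's own listeners. The following is an added example, not part of the original thread: it parses Windows `netstat -an` output and reports which of the listed ports are bound locally; the sample output is constructed and the function names are illustrative.

```python
import ipaddress
import re

# Ports the post above recommends keeping closed (taken from the thread).
LISTED = {("UDP", 69), ("TCP", 135), ("UDP", 135), ("TCP", 139),
          ("UDP", 139), ("TCP", 445), ("UDP", 445), ("TCP", 4444)}

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:4444         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:3389      0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1042      10.0.0.5:445           ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.1.20:137       *:*
  UDP    [::]:69                *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def parse_listeners(text):
    """Yield (proto, local_addr, port) for listening TCP and bound UDP sockets."""
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers and blank lines
        proto, addr, port, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # an outbound connection to port 445 is not a local listener
        yield proto, addr.strip("[]"), int(port)

def audit(text):
    """Return sorted (proto, port, addr, exposure) for listeners on LISTED ports."""
    findings = []
    for proto, addr, port in parse_listeners(text):
        if (proto, port) in LISTED:
            loopback = ipaddress.ip_address(addr).is_loopback
            # "network-facing" = bound to a non-loopback address; a firewall may still filter it.
            exposure = "loopback-only" if loopback else "network-facing"
            findings.append((proto, port, addr, exposure))
    return sorted(findings)

if __name__ == "__main__":
    for proto, port, addr, exposure in audit(SAMPLE):
        print(f"{port}/{proto} bound on {addr}: {exposure}")
```

On a live machine, pass the captured text of `netstat -an` to `audit()` in place of the constructed sample.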
I saw that too- that dx9.0b was partially for a security risk, kind of crazy- Hey, how do you shut ports w/o a firewall? I know some can be shut by turning off certain unneeded services, but what about other ones- Is it possible to do w/o a firewall? And- I know NetBIOS leaves a port open you can easily shut by going to advanced TCP/IP settings, WINS tab, NetBIOS settings, click disable NetBIOS over TCP/IP.
I also had recently updated the latest Windows Update security patch and that may have been the reason I was not infected. Also I am an AOL member, and to my understanding, correct me if I'm wrong, AOL has a built in firewall in their server, that users cannot disable even if they wanted to. That also may have helped my rig from being infected. The main thing is to try and help the unfortunate folks that were infected and suggest program solutions, that may help curb future revisions of this type of worm, which we all know will always exist!
Really the only way to shut all the ports from the outside world is a firewall..... You are right by shutting down some services.... best way to be safe is get a firewall.....
Oh, another thing of interest- I just got done fixing my mom's PC over the phone, walking her through it- (she didn't have the latest updates) THESE are the things I had to fix on her PC- She got THREE of them before it was all said and done. These are: The Blaster one, W32.Randex.E, and W32.Spybot.worm. After I got the machine all updated, ran Norton a few times, and followed removal directions, all is well. NO firewall on that machine at the time either-
Dude, that's the point of msblaster. All it has to do is send some shiet to a certain unprotected port and you get the virus. It didn't survive the formatting, you just got infected the second your internet was connected after doing a fresh install. I know I got it right after a fresh install and I had never had it before. It's because I hadn't had time to update.. It's going to be like this until we get a new OS. You'll get hit with the virus or a clone of the virus the instant you do a fresh install of Windows and are on the internet. Until you download the patch.