FBI Looks For Source Of Internet Infection

Discussion in 'Industry News' started by Dom, Aug 14, 2003.

  1. Dom

    The FBI yesterday joined the hunt for the source of an Internet worm that was estimated to have infected more than 250,000 computers this week.

    As users patched the holes that made their computers vulnerable, it became clear that electronic attacks target both the humble and the mighty. Home users were believed to be most affected, but on Tuesday the "Blaster" worm reached into a dozen computers in the U.S. Senate and caused the Federal Reserve Bank of Atlanta to shut down most of its computer system. The worm interrupted work for two days at CBS in New York.

    Nearly half the 250,000 infected computers are in the United States, said Alfred Huger, senior director of engineering at Symantec Corp., a security software company.

    Huger said the number of new infections has dropped nearly 50 percent since the worm's peak Tuesday morning, but that new, more invasive versions of the worm will probably emerge.

    "It's very likely that in short order we'll see revisions of the worm that are faster, more efficient and more destructive," Huger said. Internet security experts already have detected at least two new versions of the worm, but the changes are minor.

    The FBI's cyber division is trying to identify the source and author of the worm, said spokesman Bill Murray. Officials from the Department of Homeland Security are participating in the inquiry. Murray declined to say whether the FBI had any leads.

     
  2. BWX

    Why don't these people just update their computers w/ the critical updates? Sheesh-
     
  3. krazy1

    Updated and get a firewall...... Our network here at work got hit by it very minimal... and that was because some of the people with laptops brought it in on their laptops (connected to the internet at home and then logged into our network)...... Didn't stop us here. We sniffed out the 7 laptops and pulled them off the network. Pulled that bad boy blaster.exe off of them and all is good......
     
  4. toddsmack2k

    You do realize some people got it even though they were up to date. You're not always safe.
     
  5. Dyre Straits

    I did....and still got hit.
     
  6. BWX

    Were you guys who got it and were patched on home LANs?

    Did you have all your unneeded services turned off?

    Did you have firewalls and AV programs running?

    Just wondering what the common factors are in getting the attack when you are on an updated system.
     
  7. Dyre Straits

    Yes,

    Home LAN, Patched - I'm very serious about keeping things up to date via Windows Update, VS Updated, Behind a Router, Connected by Comcast Cable.

    I had also turned off Services via the Tweak Guide provided elsewhere....in order for games to play better.

    It would be interesting to see how many other Comcast customers were affected.

    Here's what's interesting: Right after reformatting the HD and getting XP back up and running, the very first thing I had to deal with was MSBlaster again. That was before I could even connect to Windows Update and get any of the patches or updates. So, I'm thinking that it somehow survived the reformatting.
     
  8. krazy1

    When you formatted did you do a full format or a quick??
     
  9. Dyre Straits

    It most likely was the 'quick' one as that's what the Seagate CD did. So, yes, it likely left remnants on the HD.

    So far, after all of this, things seem to be back to normal.....if there is such a state. :)
     
  10. Al_Vampyre

    Bill Murray works for the FBI??? What next Arnie running for State Governor?????:D :D
     
  11. Silverfox

    I was fortunate and was not infected, but for anyone that was, or may be in the future with new revisions of this worm, you may want to download the newest version of Ad-aware 6.0 that has a new reference file and remedial solutions to this latest virus. ;)
     
    Last edited: Aug 14, 2003
  12. amdking

    Windows Updates don't mean crap.
    It was because of an error in a previous Windows update that this virus infected everyone.

    That's what I read several places.
     
  13. BWX

    I beg to differ- I was updated and it didn't touch me- My firewall wasn't on either, and neither was auto protect or script blocking- So what protected me- and why did everyone I know get it? And the only difference was that I was fully updated and they weren't. Hmmm:hmm:
     
  14. krazy1

    I for one can say my firewall kept my a$$ safe.... as for my firewall.... it is getting a good workout :eek: but it is holding strong and true. Out of all the reading I have been doing there are 2 things you need to have on your system to be safe. One is the patch and the other is DirectX 9b. We found that out here at work doing some research. Yea I know you are probably saying "DirectX 9b??" Yep it patches one of the system holes this thing plows through. I find it funny a lot of sites have not mentioned this but one of our security people found a thing on it. Having these 2 patches DOES NOT mean you will not get infected in the next wave!! Get a firewall up! Even Dial-up people are vulnerable to this. Here are the ports they now recommend keeping closed:
    69/UDP
    135/TCP
    135/UDP
    139/TCP
    139/UDP
    445/TCP
    445/UDP
    4444/TCP

    One of the new variants is now called "teekids.exe" and there are several more expected to be hitting soon.

    As for those of you on Comcast, here is something for you....
    "In addition to causing major headaches for users and IT staffs, Blaster is also being blamed for some service problems on Comcast Corp.'s cable modem network. Several Comcast customers said their service had been down for extended periods during the last couple of days and that Comcast officials said Blaster was to blame."


    Get those systems patched and for your sanity, get a firewall up!!!
     
  15. BWX

    I saw that too- that dx9.0b was partially for a security risk, kind of crazy-

    Hey, how do you shut ports w/o a firewall? I know some can be shut by turning off certain unneeded services, but what about other ones- Is it possible to do w/o a firewall? And- I know NetBIOS leaves a port open you can easily shut by going to advanced TCP/IP settings, WINS tab, NetBIOS settings, click disable NetBIOS over TCP/IP.
     
  16. Silverfox

    I also had recently updated the latest Windows Update security patch and that may have been the reason I was not infected. Also I am an AOL member, and to my understanding, correct me if I'm wrong, AOL has a built in firewall in their server, that users cannot disable even if they wanted to. That also may have helped my rig from being infected. The main thing is to try and help the unfortunate folks that were infected and suggest program solutions, that may help curb future revisions of this type worm, which we all know will always exist! ;)
     
  17. krazy1

    Really the only way to shut all the ports from the outside world is a firewall..... You are right by shutting down some services.... best way to be safe is get a firewall.....
     
  18. BWX

    Oh, another thing of interest-

    I just got done fixing my mom's PC over the phone, walking her through it- (she didn't have the latest updates)


    THESE are the things I had to fix on her PC- She got THREE of them before it was all said and done.

    these are:

    The Blaster one,

    W32.Randex.E, and

    W32.Spybot.worm.



    After I got the machine all updated, ran Norton a few times, and followed removal directions, all is well. NO firewall on that machine at the time either-
     
  19. BWX

    I think I'm just going to buy a NAT router- I hate software firewalls.
     
  20. ErrorS

    dude, that's the point of MSBlaster. all it has to do is send some shiet to a certain unprotected port and you get the virus. It didn't survive the formatting, you just got infected the second your internet was connected after doing a fresh install.

    I know I got it right after a fresh install and I had never had it before. It's because I hadn't had time to update..

    It's going to be like this until we get a new OS. You'll get hit with the virus or a clone of the virus the instant you do a fresh install of Windows and are on the internet. Until you download the patch.
     
