Page 1 of 1

MSBlast/Lovsan worm is making the rounds

Posted: Tue Aug 12, 2003 2:29 pm
by munky
It's important for all users (EFnet or otherwise) to patch their computers against the recent RPC/DCOM exploits.

This worm will exploit RPC, opening a shell to download (via tftp) the remainder of the worm. The worm then starts scanning (mostly) random IP's to furhter infect. When the shell is closed, RPC will crash, which may make it difficult to patch your machine.

If you are having problems patching because of RPC constantly crashing, follow the directions here. A tool for cleaning the worm is here, with directions for use.

For further information, read the following:
http://www.f-secure.com/v-descs/msblast.shtml
http://vil.nai.com/vil/content/v_100547.htm

Posted: Tue Aug 12, 2003 4:31 pm
by corrupt
Like munky said, it is CRUCIAL for you to patch this security hole if you are running Windows. It is perhaps the easiest hole to exploit that Microsoft has had in a while. You might even have drones running on your computer now. Update your virus definitions and operating systems!

Posted: Wed Aug 13, 2003 1:03 pm
by munky

Posted: Mon Aug 18, 2003 3:58 pm
by munky
an amusing update

http://lnks.us/?V31J5J

Posted: Wed Aug 20, 2003 3:55 am
by Osc
and the interesting fallout from such 'white worms'
http://smlnk.com/?DDNA3NGQ