Sasser Virus Removal Instructions


singularity2006
05-02-2004, 04:58 AM
You don't need to format your system to get rid of this virus. Anyhow, here's what you do (this is for the B variant ... a link for the A variant removal is at the bottom of the page):

To end the malicious process (which is what causes your system to reset):
1. Press Ctrl+Alt+Delete once.
2. Click Task Manager.
3. Click the Processes tab.
4. Double-click the Image Name column header to alphabetically sort the processes.
5. Scroll through the list and look for the following processes:
   - avserve2.exe
   - any process with a name consisting of 4 or 5 digits followed by _up.exe (e.g. 74354_up.exe).
6. If you find any such process, click it, and then click End Process.
7. Exit the Task Manager.

To reverse the change made to the registry by the virus:
Click Start, and then click Run. (The Run dialog box appears.)
Type regedit, then click OK. (The Registry Editor opens.)


Navigate to the key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

In the right pane, delete the value:

"avserve2.exe"="%Windir%\avserve2.exe"

Exit the Registry Editor.

For a more detailed look at the virus and removal options, please visit: http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html

For removal of version A: http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html
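A defender-side check for the two indicators the post names (the process names and the Run value), written as an added example that is not from the original thread or from Symantec. It parses constructed samples of `tasklist` and `reg export` output; all sample values, PIDs and the SoundMAX entry are constructed.

```python
import re

# Constructed sample of `tasklist` output, not a capture from a real host.
SAMPLE_TASKLIST = """
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Console                    0         16 K
explorer.exe                  1204 Console                    0     12,340 K
avserve2.exe                  1588 Console                    0      2,104 K
74354_up.exe                  1632 Console                    0      1,980 K
notepad.exe                   1700 Console                    0      3,220 K
"""

# Constructed sample of a `reg export` of the Run key (.reg format doubles backslashes).
SAMPLE_REG_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"avserve2.exe"="%Windir%\\avserve2.exe"
"""

RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
# The two process names the post tells you to look for: avserve2.exe and NNNNN_up.exe.
PROCESS_RE = re.compile(r"^(?:avserve2\.exe|\d{4,5}_up\.exe)$", re.IGNORECASE)
TASKLIST_ROW_RE = re.compile(r"^(.+?)\s+(\d+)\s+\S+")  # image name, PID, session
REG_VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')

def suspicious_processes(tasklist_text):
    """Return [(image_name, pid)] for rows whose image name matches the Sasser.B names."""
    hits = []
    for line in tasklist_text.splitlines():
        m = TASKLIST_ROW_RE.match(line)
        if m and PROCESS_RE.match(m.group(1).strip()):
            hits.append((m.group(1).strip(), int(m.group(2))))
    return hits

def suspicious_run_values(reg_text):
    """Return [(value_name, data)] under the Run key that reference avserve2.exe."""
    hits, in_run_key = [], False
    for line in reg_text.splitlines():
        if line.startswith("["):
            in_run_key = line.strip("[]").lower() == RUN_KEY.lower()
            continue
        m = REG_VALUE_RE.match(line)
        if in_run_key and m:
            name, data = m.group(1), m.group(2).replace("\\\\", "\\")
            if "avserve2.exe" in (name + data).lower():
                hits.append((name, data))
    return hits

if __name__ == "__main__":
    print(suspicious_processes(SAMPLE_TASKLIST))
    print(suspicious_run_values(SAMPLE_REG_EXPORT))
```

On a live box you would feed it the real output of `tasklist` and `reg export "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` instead of the constructed samples.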

elvis
05-02-2004, 10:15 AM
As always folks, prevention is the best cure.

Grisoft AVG AntiVirus for Microsoft Windows can be downloaded and used on any non-server version of Windows for FREE. Win98, Win98SE, Win2K, WinXP Home and WinXP Pro users, whether private, student or professional/business, may use this product for free.

Grab it here:

http://www.grisoft.com/us/us_dwnl_free.php

Please folks, don't be stupid and not run anti-virus software. If your computer pays your rent/mortgage/dinner, then don't risk it!

Ice Czar
05-02-2004, 01:03 PM
I would agree with the need for running AntiVirus Software
(and AVG is better than nothing... slightly).
However, that wouldn't stop Sasser, which is a direct exploit like the MSBlaster worm was. To prevent this, update your patches and run a firewall.

Microsoft Security Bulletin MS04-011
Security Update for Microsoft Windows (835732) (http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx)

iC4
05-02-2004, 01:47 PM
Get the Microsoft Update CD for free; there is a special version of F-Secure Internet Security included which runs for 6 months for free.

singularity2006
05-02-2004, 04:33 PM
Yeah, a lot of my friends thought they were OK, but their LiveUpdate was like a day too old and they were hit with the virus.

Though it is interesting to note that overall, this virus has not spread as rapidly as the original Blaster worm. Poor code, as it seems. =)

Actually, what I'm more interested in is how they programmed the random number generator that they used for port and IP number scanning. From what I remember, the worm just goes around scanning IPs and ports until it finds something open, then it uses the security hole in LSASS to FTP connect, copy itself to the system, and then run itself. The success of a worm is often how well the number generator is written, if it uses that kind of concept, that is.

schmu_20mol
05-02-2004, 05:36 PM
Originally posted by singularity2006:

> Actually, what I'm more interested in is how they programmed the random number generator that they used for port and IP number scanning. From what I remember, the worm just goes around scanning IPs and ports until it finds something open, then it uses the security hole in LSASS to FTP connect, copy itself to the system, and then run itself. The success of a worm is often how well the number generator is written, if it uses that kind of concept, that is.

If you have that worm on your machine, sniff it (e.g. with windump)... such worms mostly just count through the mask with pseudo-random start points.

Ice Czar
05-02-2004, 07:05 PM
I'm currently repairing the damage caused by the Microsoft KB835732 (http://support.microsoft.com/?kbid=835732) (MS04-011) patch on my browser box; sometimes you're damned if you do and damned if you don't :p


For example, one of four security patches (http://www.theregister.co.uk/2004/04/28/ms_testing_u-turn1/) released by Microsoft this month (MS04-011) has caused trouble for several Register readers, reflected more widely in postings to Internet news groups. Some Windows 2000 users have reported troubles in booting PCs, using anti-virus packages and problems with their sound cards, after applying the fix.

The four patches fixed 20 vulnerabilities in total. The problematic patch is designed to correct 14 Windows bugs alone. One of these – an SSL vulnerability – has been the subject of an exploit and sustained hacker attack this month. Not applying the patch creates DDoS and system compromise risks but applying the patch can create system instability problems.

It's been a problem only on my browser box
(which is why I'm currently typing on a 900MHz backup :p),
all in all 1 out of 4 computers, all with W2K.

V1.2 April 28, 2004: Updated Caveats section to reflect the availability of a revised Microsoft Knowledge Base Article 835732. It documents the currently known issues that customers may experience when installing this security update. The article also documents recommended solutions for these issues.

Issues (http://support.microsoft.com/default.aspx?scid=kb;en-us;835732)

Microsoft has released security bulletin MS04-011. The security bulletin contains all the relevant information about the security update, including file manifest information and deployment options. To view the complete security bulletin, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

For additional information about known issues that may occur after you install the security update, click the following article numbers to view the articles in the Microsoft Knowledge Base:

840997 You cannot view enhanced metafile format graphics files (or EMF image files) that were created in Adobe Illustrator

841384 "STOP 0x00000079" error message after you install the security update that is described in Microsoft Security Bulletin MS04-011 on a Windows NT 4.0-based computer

841382 Your computer stops responding, you cannot log on to Windows, or your CPU usage for the System process approaches 100 percent after you install the security update that is described in Microsoft Security Bulletin MS04-011

For additional information about general issues that may occur when you install software updates that replace the Ntoskrnl.exe file, click the following article numbers to view the articles in the Microsoft Knowledge Base:
246507 Windows NT does not start, error message about Ntoskrnl.exe

224526 Windows NT 4.0 supports maximum of 7.8-GB system partition

See link for additional embedded links.

RobertoOrtiz
05-03-2004, 01:00 PM
Hey guys, Symantec just posted a virus removal tool.

I had this sucker this weekend, but after updating my copy of Norton, my machine was cured.

Go here to get the tool or patch to remove it:

http://www.symantec.com

-R

singularity2006
05-03-2004, 04:26 PM
Has anyone here had mixed results with the Symantec patch tool? With systems I've worked with, the various patches that have come out over the years have had mixed results. The most sure-fire way is a manual removal. But do give that removal tool a shot.
