And here's a MacInTouch-provided link to an article about this damned
worm:

http://news.com.com/2100-1002-5062364.html?tag=macintouch

This is a very nasty thing, people.

Luke Kaven wrote:

The Blaster/Posa/Lovsan worm will hunt you down and find you and cause
you downtime and abundant headache without your doing anything to
invite it. [I had such fun yesterday, all day] Hundreds of thousands
of systems are being infected right now, and they are out looking for
*you*!. If you run Windows2000/XP/NT, you want to download the listed
patch (KB823980) immediately, and I do mean immediately. If you use
Win2000, you need to be at least at Service Pack 2 to install this
patch.

Some of the early symptoms:

* If you see a process running called "msblast.exe", you have it.
* SVCHOST shuts down with errors
* Drag and drop stops working
* Add/Delete programs comes up blank with a "Cl&ose" button
* File Search will fail to launch
* Shift-Click in Internet Explorer (to launch in new window) does not
work
* Internet Explorer shows a blank version number (Help-About Internet
Explorer)
* Numerous programs (MS-Word/Excel, EZ-CDCreator, etc.), will not
launch
* Outlook Express will fail with (insufficient memory) if one tries to
send a new message

Here's hoping you have a worm-free day!

Luke

=====

From a notice posted by Jerry Bryant in microsoft.public.security -

SEVERITY: CRITICAL
DATE: August 11, 2003
PRODUCTS AFFECTED: Windows XP, Windows 2000, Windows Server 2003,
Windows NT
4.0, NT 4.0 Terminal Services Edition

WHAT IS IT?
The Microsoft Product Support Services Security Team is issuing this
alert
to inform customers about a new worm named W32.Blaster.Worm which is
spreading in the wild. This virus is also known as: W32/Lovsan.worm
(McAfee), WORM_MSBLAST.A (Trendmicro), Win32.Posa.Worm (Computer
Associates). Best practices, such as applying security patch MS03-026
should
prevent infection from this worm.

Customers that have previously applied the security patch MS03-026
before
today are protected and no further action is required.

IMPACT OF ATTACK: Spread through open RPC ports. Customer's machine
gets
re-booted or has mblast.exe exists on customer's system.

TECHNICAL DETAILS: This worm scans a random IP range to look for
vulnerable
systems on TCP port 135. The worm attempts to exploit the DCOM RPC
vulnerability patched by MS03-026.

Once the Exploit code is sent to a system, it downloads and executes
the
file MSBLAST.EXE from a remote system via TFTP. Once run, the worm
creates
the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
"windows
auto update" = msblast.exe I just want to say LOVE YOU SAN!! bill

Symptoms of the virus: Some customer may not notice any symptoms at
all. A
typical symptom is the system is rebooting every few minutes without
user
input. Customers may also see:
- Presence of unusual TFTP* files
- Presence of the file msblast.exe in the WINDOWS SYSTEM32 directory

To detect this virus, search for msblast.exe in the WINDOWS SYSTEM32
directory or download the latest anti-virus software signature from
your
anti-virus vendor and scan your machine.

For additional details on this worm from anti-virus software vendors
participating in the Microsoft Virus Information Alliance (VIA) please
visit
the following links:

Network Associates:
http://us.mcafee.com/virusInfo/defau...virus_k=100547

Trend Micro:
http://www.trendmicro.com/vinfo/viru...WORM_MSBLAST.A

Symantec:
http://securityresponse.symantec.com...ster.worm.html

Computer Associates: http://www3.ca.com/virusinfo/virus.aspx?ID=36265

For more information on Microsoft's Virus Information Alliance please
visit
this link: http://www.microsoft.com/technet/security/virus/via.asp

Please contact your Antivirus Vendor for additional details on this
virus.

PREVENTION: Turn on Internet Connection Firewall (Windows XP or
Windows
Server 2003) or use a third party firewall to block TCP ports 135,
139, 445
and 593; TCP ports 135, 139, 445 and 593; also UDP 69 (TFTP) for
zombie bits
download and TCP 4444 for remote command shell. To enable the Internet
Connection Firewall in Windows:
http://support.microsoft.com/?id=283673

1. In Control Panel, double-click Networking and Internet Connections,
and
then click Network Connections.
2. Right-click the connection on which you would like to enable ICF,
and
then click Properties.
3. On the Advanced tab, click the box to select the option to Protect
my
computer or network.

This worm utilizes a previously-announced vulnerability as part of its
infection method. Because of this, customers must ensure that their
computers are patched for the vulnerability that is identified in
Microsoft
Security Bulletin MS03-026.
http://www.microsoft.com/technet/sec...n/MS03-026.asp.
Install the
patch MS03-026 from Windows Update http://windowsupdate.microsoft.com

As always, please make sure to use the latest Anti-Virus detection
from your
Anti-Virus vendor to detect new viruses and their variants.

RECOVERY: Security best practices suggest that previously compromised
machine be wiped and rebuilt to eliminate any undiscovered exploits
that can
lead to a future compromise. See Cert Advisory:
Steps for Recovering from a UNIX or NT System Compromise.
http://www.cert.org/tech_tips/win-UN...ompromise.html

For additional information on recovering from this attack please
contact
your preferred anti-virus vendor.

RELATED MICROSOFT SECURITY BULLETINS:
http://www.microsoft.com/technet/sec...n/MS03-026.asp

RELATED KB ARTICLES: http://support.microsoft.com/?kbid=826955
This article will be available within 24 hours.

RELATED LINKS: http://www.microsoft.com/security/incident/blast.asp
As always please make sure to use the latest Anti-Virus detection from
your
Anti-Virus vendor to detect new viruses and their variants.

If you have any questions regarding this alert please contact your
Microsoft
representative or 1-866-727-2338 (1-866-PCSafety) within the US,
outside of
the US please contact your local Microsoft Subsidiary. Support for
virus
related issues can also be obtained from the Microsoft Virus Support
Newsgroup which can be located by clicking on the following link
news://msnews.microsoft.com/microsof...security.virus.

--
hank alrich * secret mountain
audio recording * music production * sound reinforcement
"If laughter is the best medicine let's take a double dose"

LeBaron & Alrich wrote:

And here's a MacInTouch-provided link to an article about this damned
worm:

http://news.com.com/2100-1002-5062364.html?tag=macintouch

This is a very nasty thing, people.

Luke Kaven wrote:

The Blaster/Posa/Lovsan worm will hunt you down and find you and cause
you downtime and abundant headache without your doing anything to
invite it. [I had such fun yesterday, all day] Hundreds of thousands

It is indeed very active. My hardware firewall is currently logging
hundreds of attacks per day on port 135.

bobs

Bob Smith
BS Studios
we organize chaos
http://www.bsstudios.com

I would advise against just hacking the registry - just have a look at
www.sarc.com - follow the link to the w32.blaster.worm. Symantec have a free
and very simple tool that fixes the damage and then takes you to the update
patch from Microsoft which fixes the v.vulnerability

Our uni was struck last night - it ground the servers to a halt with the
traffic and infected many of our 3000 computers.

Regards - Pat
www.patski.cjb.net


"Abhishek VERMA" wrote in message
m...
I had this same problem yesterday, the way i came around this is:

- Start Run regedit (on Windows XP Pro)
- Edit Find... (search for msbalster)
- anything which has a value of msblaster, delete it

NOTE: Would be nice to backup your windows registry first by File
Save as... in the Registry Editor.

I had 2 keys with the values containing "msblaster".

After you've done this, restart your computer and hopefully everything
should be sorted.

REASON: This worm is relatively new, and hence no (less)
support/anti-virus is available for it. This worm tries to start
itself on every restart through these registry values, so if u delete
these values the worm doesn't startsup.

A good thing to do would be download the windows updates from
microsoft's website.

HTH
Abhishek VERMA

Symantec have a free cleaup utility, and apart from the MS patch it
might be worth using a personal firewall like ZoneAlarm. A friend of
mine had his modem-connected PC infected yesterday, so that's no
protection! He's a drummer though, so I guess it's not surprising.

Ian

(Abhishek VERMA) wrote in message snip?

REASON: This worm is relatively new, and hence no (less)
support/anti-virus is available for it. This worm tries to start
itself on every restart through these registry values, so if u delete
these values the worm doesn't startsup.

A good thing to do would be download the windows updates from
microsoft's website.

HTH
Abhishek VERMA

Thank, I'll try that tonight.
-Rob

William Sommerwerck wrote:

I believe it is. Or a related one.

Log off. Check the Task Manager Processes window for msblast and kill the
process. Then find msblast.exe on your hard drive and delete it.

Then log on and install the Microsoft update. I did these things yesterday, and
that was the end of that.



I think my computer at home is infected, but I haven't heard symtoms
described like what it is doing. It keeps having a window pop up and
says "NTAUTHORITY\SYSTEM - Remote Procedure Call (RPC)"


It then says "save all information as your computer will now be shutting
down". Then a 60 second timer starts counting down and the computer
shuts down. It automtically restarts only to have the window pop up
again and start all over.


Does anybody know if this is the worm?

"GeeMima" wrote in message
...
I'm running Windows 98 SE, which I don't believe is vulnerable to the
MSBlaster attack. However, I just did a search using regedit and an
msblaster line showed up in Windows/Microsoft/Explorer. Should I delete
this key? My computer is running normally. Also, I ran task manager and
at
the top of the list is a line reading: " Beware the MSblaster Worm, it
will get you." Now, I'm freaking...

Okay, forget the task manager listing. It showed up because this NG message
was open in the background. Freak off...



"William Sommerwerck" wrote in message
...
I believe it is. Or a related one.

Log off. Check the Task Manager Processes window for msblast and kill
the
process. Then find msblast.exe on your hard drive and delete it.

Then log on and install the Microsoft update. I did these things
yesterday, and
that was the end of that.


I think my computer at home is infected, but I haven't heard symtoms
described like what it is doing. It keeps having a window pop up and
says "NTAUTHORITY\SYSTEM - Remote Procedure Call (RPC)"

It then says "save all information as your computer will now be
shutting
down". Then a 60 second timer starts counting down and the computer
shuts down. It automtically restarts only to have the window pop up
again and start all over.

Does anybody know if this is the worm?

"Rob Adelman" wrote in message

I think my computer at home is infected, but I haven't heard symtoms
described like what it is doing. It keeps having a window pop up and
says "NTAUTHORITY\SYSTEM - Remote Procedure Call (RPC)"

It then says "save all information as your computer will now be
shutting down". Then a 60 second timer starts counting down and the
computer shuts down. It automtically restarts only to have the window
pop up again and start all over.

Does anybody know if this is the worm?

For sure.

How did you catch it?

"Luke Kaven" wrote in message


The Blaster/Posa/Lovsan worm will hunt you down and find you and cause
you downtime and abundant headache without your doing anything to
invite it. [I had such fun yesterday, all day]

The short answer for disabling this virus a

(0) remove any network or modem cables attached to the machine.
(1) Bring your machine up in "Safe Mode" by pressing F5 while re-booting.
The virus will give you ample opportunities to do this.
(2) Go to My Computer
(3) Open up your "C" drive
(4) Open up the "Windows" folder
(5) Open up the "System32" folder in the "Windows" folder
(6) Delete the MSBLAST.EXE file.

You can avoid reinfection the next time you go online by downloading and
applying the (now) well-known fix from MS. The obvious challenge is getting
the fix before you get re-infected.

I'd like to know how people are catching this virus as a matter of fact. I
hear about bum email attachments, but it appears that it can be caught by
simply being online without adequate protection.

Arny Krueger wrote:

Does anybody know if this is the worm?


For sure.

How did you catch it?

No idea. Thanks for the fix though, going to try that tonight.

-Rob

William Sommerwerck wrote:

I believe it is. Or a related one.

Log off. Check the Task Manager Processes window for msblast and kill the
process. Then find msblast.exe on your hard drive and delete it.

Then log on and install the Microsoft update. I did these things yesterday, and
that was the end of that.


I did it, and here I am! Worked like a charm.

-Rob

Is it really that dangerous. I have just XP bundled firewall service,
and got nothing. I have all remote and sharing services dissabled (not
installed/ allowed). What's the deal?
Vladan
www.geocities.com/vla_dan_l
www.mp3.com/lesly , www.mp3.com/shook , www.mp3.com/lesly2
www.kunsttick.com/artists/vuskovic/indexdat.htm

On Wed, 13 Aug 2003 09:13:10 -0500, "GeeMima"
wrote:

I'm running Windows 98 SE, which I don't believe is vulnerable to the
MSBlaster attack. However, I just did a search using regedit and an
msblaster line showed up in Windows/Microsoft/Explorer. Should I delete
this key? My computer is running normally. Also, I ran task manager and at
the top of the list is a line reading: " Beware the MSblaster Worm, it
will get you." Now, I'm freaking...

Unless this was a joke, relax. What you see are references to reading
this thread.
Vladan
www.geocities.com/vla_dan_l
www.mp3.com/lesly , www.mp3.com/shook , www.mp3.com/lesly2
www.kunsttick.com/artists/vuskovic/indexdat.htm

Vladan wrote:
Is it really that dangerous.

Umm, no.


I have just XP bundled firewall service,
and got nothing.

Not the case for me. I got worms and I wasn't even going fishin'

I have all remote and sharing services dissabled (not
installed/ allowed).

Me too.

What's the deal?

Dunno, Glad the worm is gone though. Hope it doesn't come back.

In article writes:

A lot of ppl are getting this by simply being online. My firewall is logging
a scan on port 135 every 3 mins or so, and I am on dialup! Zone Alarm et al
with port 135 blocked will stop it.

I'm using the free version of Zone Alarm, and if that allows blocking
of specific ports, I haven't found it. It might be a feature only of
the the paid version. But it blocks a lot of stuff, and I'm dialed up
all the time and haven't found the latest worm yet.

I looked at the MS patch, but it looks like it's at least a month old.
I guess they must have thought about this one before someone actually
wrote a worm to take advantage of the hole. I just installed Service
Pack 4 (Win2K) last week (dated later than the patch), and I trust
that has all the appropriate security updates for this one.



--
I'm really Mike Rivers - )

Don Cooper wrote:

Luke Kaven wrote:

The Blaster/Posa/Lovsan worm will hunt you down and find you and cause
you downtime and abundant headache without your doing anything to
invite it.

Having a Mac can really be boring some days.

Though making friends with humans on the dark side does beget a lot of
email from folks I've never met or heard of, or that maybe don't even
exist. But they still send me emails by the ton. Pretty exciting
throwing it all away. Everyday.

--
ha

(Mike Rivers) wrote:
[...]
I looked at the MS patch, but it looks like it's at least a month old.
I guess they must have thought about this one before someone actually
wrote a worm to take advantage of the hole. I just installed Service
Pack 4 (Win2K) last week (dated later than the patch), and I trust
that has all the appropriate security updates for this one.

The devilish thing is that once Microsoft announced that they had a
critical security problem in Windows, the race was on. I should have
known that hackers, one of whom likely found the bug in the first
place, were setting to work the moment the challenge was laid down. I
should have taken the attitude that such a worm was coming sooner
rather than later and loaded the patch the minute it became available.

Luke

See everyone should own a mac.

in article , Luke Kaven at
wrote on 8/14/03 1:20 AM:

(Mike Rivers) wrote:
[...]
I looked at the MS patch, but it looks like it's at least a month old.
I guess they must have thought about this one before someone actually
wrote a worm to take advantage of the hole. I just installed Service
Pack 4 (Win2K) last week (dated later than the patch), and I trust
that has all the appropriate security updates for this one.

The devilish thing is that once Microsoft announced that they had a
critical security problem in Windows, the race was on. I should have
known that hackers, one of whom likely found the bug in the first
place, were setting to work the moment the challenge was laid down. I
should have taken the attitude that such a worm was coming sooner
rather than later and loaded the patch the minute it became available.

Luke

"Luke Kaven" wrote ...
The devilish thing is that once Microsoft announced that they had a
critical security problem in Windows, the race was on. I should have
known that hackers, one of whom likely found the bug in the first
place, were setting to work the moment the challenge was laid down. I
should have taken the attitude that such a worm was coming sooner
rather than later and loaded the patch the minute it became available.

Reports are that all the infected machines will be used to
launch a DOS (denial of service) attack on Microsoft's
patch servers by swamping them with bogus traffic.

Luke Kaven wrote:

I should have
known that hackers, one of whom likely found the bug in the first
place, were setting to work the moment the challenge was laid down. I
should have taken the attitude that such a worm was coming sooner
rather than later and loaded the patch the minute it became available.

You and about lebbenty zillion others!

--
ha

"Rick Thomas" wrote ...
See everyone should own a mac.

If they did then you would be the one complaining about the
unending infections. The juvenile delinquents go after whoever
has the biggest market share. At times like these you should
be glad Apple has such a tiny market share.

Richard Crowley wrote:

Reports are that all the infected machines will be used to
launch a DOS (denial of service) attack on Microsoft's
patch servers by swamping them with bogus traffic.

Technical point: the traffic is real; the message is bogus. g

--
ha

In article writes:

Reports are that all the infected machines will be used to
launch a DOS (denial of service) attack on Microsoft's
patch servers by swamping them with bogus traffic.

I read that same report, but the program really doesn't have to do
anything. Just creating panic is already loading the Microsoft Windows
Update web site about to capacity. This is one of the ways that a worm
or virus does its thing without doing permanent damage. The worm gets
it started, the people do the rest.



--
I'm really Mike Rivers - )

Mike Rivers wrote:

I'm using the free version of Zone Alarm, and if that allows blocking
of specific ports, I haven't found it. It might be a feature only of
the the paid version. But it blocks a lot of stuff, and I'm dialed up
all the time and haven't found the latest worm yet.

After I got rid of the worm, I must have changed something because I
started getting all those annoying popups again. So I also started the
free version of Zone Alarm and it seems to be working. It is up to about
40 blocked attempts. So maybe I will buy the paid version? I am
wondering if Zone Alarm or Norton or someone started the worm? Sure is
good for business..

Scott Dorsey wrote:

Patches come out on a regular basis, but none of them fix the fact that
there is a fundamental design flaw.

At least MS has proven that square wheels can roll if you push 'em hard
enough.

--
ha

Rob Adelman wrote:
Mike Rivers wrote:

I'm using the free version of Zone Alarm, and if that allows blocking
of specific ports, I haven't found it. It might be a feature only of
the the paid version. But it blocks a lot of stuff, and I'm dialed up
all the time and haven't found the latest worm yet.

After I got rid of the worm, I must have changed something because I
started getting all those annoying popups again. So I also started the
free version of Zone Alarm and it seems to be working. It is up to about
40 blocked attempts. So maybe I will buy the paid version? I am
wondering if Zone Alarm or Norton or someone started the worm? Sure is
good for business..


Go into Settings-Control Panel-Administrative Tools-Services

Look for the "Windows Messaging" service and see it is running. If it
is, right click on the entry for it, and bring up the Property sheet.
Hit Stop, and select "Disable". You won't be able to run some kinds
of instant messaging, but that will keep popups from coming in out of
the wild. If you run Spybot Search & Destroy periodically (and keep
up with the updates), you will be able to eradicate most annoying
trojans (Xupiter, Gator, all those things we hate).

Luke

Scott Dorsey wrote:

There is NO excuse for this kind of bad design. There is NO excuse for
shipping products that are fundamentally insecure by default.
--scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."

Somehow this reminds me of Marvin, the incredibly depressed, paranoid android
where Bill Gates has given us an OS the size of a planet ...etc.
Yep, I think my Windows machines have a lot of insecurities: fear of crashing,
fear of invasion, blue screen of death, fear of other's applications, shutting down

without pushing the "start" button...

Thus far my firewall is holding.

Ron Capik cynic in training
--

Ron Capik wrote:



Ron Capik cynic in training


Great line, Ron!

An odd response from someone named Capik (ie, Capek)...

Ron Capik wrote...

Somehow this reminds me of Marvin, the incredibly depressed,
paranoid android where Bill Gates has given us an OS the size
of a planet ...etc. Yep, I think my Windows machines have a lot
of insecurities: fear of crashing, fear of invasion, blue screen of
death, fear of other's applications, shutting down without pushing
the "start" button...

"Luke Kaven" wrote in message ...
Rob Adelman wrote:
Mike Rivers wrote:

I'm using the free version of Zone Alarm, and if that allows blocking
of specific ports, I haven't found it. It might be a feature only of
the the paid version. But it blocks a lot of stuff, and I'm dialed up
all the time and haven't found the latest worm yet.

Mike,

Zone Alarm is a pretty cool tool to be so innocuous to load. The Pro
version does allow highly tailored functions on a site by site basis if
needed. I think it's quite sufficient enough in it's 'free' state though.

After I got rid of the worm, I must have changed something because I
started getting all those annoying popups again. So I also started the
free version of Zone Alarm and it seems to be working. It is up to about
40 blocked attempts. So maybe I will buy the paid version? I am
wondering if Zone Alarm or Norton or someone started the worm? Sure is
good for business..

Rob,

I can get 40 blocked attempts per hour!! The guy that developed ZoneAlarm
is pretty reknowned for his work in identifying 'spyware' software, including
actions against Real Networks (Real player, Real jukebox, Real download,
etc.), PKZip and more - - I doubt he writes virii as a passtime. We could
share in the great cynic, conspiracist approach, however.

Go into Settings-Control Panel-Administrative Tools-Services

Look for the "Windows Messaging" service and see it is running. If it
is, right click on the entry for it, and bring up the Property sheet.
Hit Stop, and select "Disable". You won't be able to run some kinds
of instant messaging, but that will keep popups from coming in out of
the wild. If you run Spybot Search & Destroy periodically (and keep
up with the updates), you will be able to eradicate most annoying
trojans (Xupiter, Gator, all those things we hate).

Luke

Did you figure out how you got this thing Luke? (I'd really like to hear
how the USPS stumbled onto it).

I like AdAware, but Spybot probably runs much the same way. Probably
both are harmless, non-invasive pieces of software... I know AAW is.

By practicing simple safe (albeit sometimes time consuming) surfing
and mail-reading practices, using a firewall and judiciously setting a few
preferences, I've never had a virus, and I have never used on-board
anti-virus software. The protection has almost always been there, you
just have to employ it. I think the careless, haphazard users get the
worms in most cases. (I can't put you in that category). I'm surprised
how many people are glued to the internet without a firewall and with no
knowledge of their on-board protection options. Keeping updated is such
a minor thing... some would make it sound like big trouble, but it's a no
brainer to do this. (...And *without* downloading the automatic update
notifier.. another POS to run in the background).

--
David Morgan (MAMS)
http://www.m-a-m-s.com
http://www.artisan-recordingstudio.com

William Sommerwerck wrote:

An odd response from someone named Capik (ie, Capek)...
..snip...

Ah, but I've been to the filk side... ;-)

Ron Capik [aka: the NJ Editorial Minstrel ]
--

[chorus]
Re-boot 16 times, what do you get
Another error message or the blue screen of death
My registry's corrupted and the re-boot's slow
I got my bugs from the Microsoft store

[ "to the tune of 16 tons" ]

Ron Capik wrote:

Ron Capik [aka: the NJ Editorial Minstrel ]
--

[chorus]
Re-boot 16 times, what do you get
Another error message or the blue screen of death
My registry's corrupted and the re-boot's slow
I got my bugs from the Microsoft store

[ "to the tune of 16 tons" ]

EggHd,

Sign this guy.

--
ha

in article , Richard Crowley at
wrote on 8/14/03 2:20 AM:

"Rick Thomas" wrote ...
See everyone should own a mac.

If they did then you would be the one complaining about the
unending infections. The juvenile delinquents go after whoever
has the biggest market share. At times like these you should
be glad Apple has such a tiny market share.


Ahh, viruses just dont work as well on mac os and amiga systems. There to
easy to spot and get rid of.

(Mike Rivers) wrote in news:znr1060812644k@trad:

I looked at the MS patch, but it looks like it's at least a month old.
I guess they must have thought about this one before someone actually
wrote a worm to take advantage of the hole.

Tat's pretty normal. When the first worm exploiting a specific bug comes
out, that bug has usually been known for months and the bugfix has been
available fot at least a month.

I just installed Service
Pack 4 (Win2K) last week (dated later than the patch), and I trust
that has all the appropriate security updates for this one.

Don't. The service packs do not allways contain all patches. Actually, I've
once installed a service pack for Win2K that *removed* one of the security
patches we had installed. Couple of hours after we had installed the
service pack we had to take down the machine to remove a nasty worm. A worm
wich we thought couldn't get in there as we had installed the security
patch fixing the bug that worm exploited. :-/

Regards
/Jonas

Rick Thomas wrote in
:

Ahh, viruses just dont work as well on mac os and amiga systems. There to
easy to spot and get rid of.

That's funny! The Amiga was the most virus-ridden computer of it's time.
Actually, the whole virus scene was started with the Amiga. Sure, there
were a few PC virii and other stuff before the avalanche of Amiga virii,
but the Amiga was the first computer to get new virii written for it
regularly.

I remember when almost noone had heard of computer virii, almost all gamers
owning an Amiga had at least one floppy with "VIRUS!" written on it, and
almost no PC owners had ever encountered a virus.

Actually, the way Amiga OS handled floppys made trhe Amiga easier to infect
than anything else. You just had to insert the floppy. In a PC, you had to
execute the infected executable yourself, or leave the floppy in the drive
when bootting the PC. The Amiga oth happily executed the virus as soon as
the floppy was inserted.

Nowadays everything's changed of course. Floppy's are no longer the premium
distribution channel for virii, strangely made email readers execute code
left and right, an a consumer OS has wide open RPC daemons running all the
time.

Regards
/Jonas

There's a version for 32-bit and a version for 64-bit XP. There's a hyperlink
to the downloads page right on the microsoft home page.


George W. writes:

Anyone know the patch number for XP?
Thanks.

In article writes:

The service packs do not allways contain all patches. Actually, I've
once installed a service pack for Win2K that *removed* one of the security
patches we had installed.

Nothing like a little configuration management, is there?


--
I'm really Mike Rivers - )

Today in the office, the worm was propagating. Even though the "computer
guy" assured us it wouldn't get us. He has firewalls and routers and
security stuff and told us it wouldn't get in. But hey, it didn't get
me, I have windows 98 on my work computer he,he..
So the lady in the front area was sitting there with her computer
shutting down and starting up and I told her to check the task manager,
shut off msblast, then search for the file and delete. I was the Hero!
heheh

Computer guy was downstairs and I told him Pat's computer was infected
but we fixed it and he was all " oh no, I gotta get up there and do this
that and the other thing...

William Sommerwerck wrote:
I believe it is. Or a related one.

Log off. Check the Task Manager Processes window for msblast and kill the
process. Then find msblast.exe on your hard drive and delete it.

Then log on and install the Microsoft update. I did these things yesterday, and
that was the end of that.

I took Luke's advise and went into administration tools and shut off a
few things including alert. Pop ups are gone, free zone alarm,
uninstalled, everything back to normal. I suppose there are hundreds of
attempts going into my computer right now. Does it really matter?


David Morgan (MAMS) wrote:
"Luke Kaven" wrote in message ...

Rob Adelman wrote:

Mike Rivers wrote:


I'm using the free version of Zone Alarm, and if that allows blocking
of specific ports, I haven't found it. It might be a feature only of
the the paid version. But it blocks a lot of stuff, and I'm dialed up
all the time and haven't found the latest worm yet.


Mike,

Zone Alarm is a pretty cool tool to be so innocuous to load. The Pro
version does allow highly tailored functions on a site by site basis if
needed. I think it's quite sufficient enough in it's 'free' state though.


Rob,

I can get 40 blocked attempts per hour!! The guy that developed ZoneAlarm
is pretty reknowned for his work in identifying 'spyware' software, including
actions against Real Networks (Real player, Real jukebox, Real download,
etc.), PKZip and more - - I doubt he writes virii as a passtime. We could
share in the great cynic, conspiracist approach, however.


Go into Settings-Control Panel-Administrative Tools-Services

Look for the "Windows Messaging" service and see it is running. If it
is, right click on the entry for it, and bring up the Property sheet.
Hit Stop, and select "Disable". You won't be able to run some kinds
of instant messaging, but that will keep popups from coming in out of
the wild. If you run Spybot Search & Destroy periodically (and keep
up with the updates), you will be able to eradicate most annoying
trojans (Xupiter, Gator, all those things we hate).

Luke


Did you figure out how you got this thing Luke? (I'd really like to hear
how the USPS stumbled onto it).

I like AdAware, but Spybot probably runs much the same way. Probably
both are harmless, non-invasive pieces of software... I know AAW is.

By practicing simple safe (albeit sometimes time consuming) surfing
and mail-reading practices, using a firewall and judiciously setting a few
preferences, I've never had a virus, and I have never used on-board
anti-virus software. The protection has almost always been there, you
just have to employ it. I think the careless, haphazard users get the
worms in most cases. (I can't put you in that category). I'm surprised
how many people are glued to the internet without a firewall and with no
knowledge of their on-board protection options. Keeping updated is such
a minor thing... some would make it sound like big trouble, but it's a no
brainer to do this. (...And *without* downloading the automatic update
notifier.. another POS to run in the background).

Richard Crowley wrote:
The vast majority of the security vulnerabilities seem to be poor (or
seeming non-existent) buffer/pointer management. Some have
suggested this is due to the way early Microsoft C compiler
manuals were edited. All their new-college-grad progrmmers used
the section showing how to do it, and never looked at the appendix
explaining buffer overrun safeguards and pointer preservation. An
apparent dearth of meaningful code review would appear to have
neatly finished the job. Now there are likely thousands and thousands
of vulnerable buffers ripe for the discovery by the next slime-ball
virus "author".

No, not at all. The buffer overrun issues are only a tiny fraction of
a more fundamental problem of just plain not designing with security in
mind.

The buffer overrun problems are only the most visible ones because they
are the ones that are being fixed.

But remember, Microsoft didn't implement real memory protection until Windows
95... and this was, what, almost thirty years after the industry had embraced
the concept?

The i386 architecture has all kinds of nifty security features built into it,
including real rings. Seen anybody use the ring stuff? Didn't think so.

It is very clear that whoever designed the "convenient" way that Outlook
handles attachments never even thought about the ways it could be abused.
THAT is the real problem. People who do systems design, and then write
actual code, without any clue as to how it can be misused and what could
go wrong with it. It doesn't take much, it just takes the right attitude.
--scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."

I suppose not. But you still become a statistic if your computer can be seen.
And if a port is open, you can be hacked. I suppose it's just a personal
preference to run my surfing toy in total 'stealth' mode.

If you want to analyze your vulnerability to attack, do a free scan found
at the Symantec site... You may want to close the doors anyway.

http://security1.norton.com/us/intro...=sym&langid=us

--
David Morgan (MAMS)
http://www.m-a-m-s.com
http://www.artisan-recordingstudio.com


"Rob Adelman" wrote in message ...
I took Luke's advise and went into administration tools and shut off a
few things including alert. Pop ups are gone, free zone alarm,
uninstalled, everything back to normal. I suppose there are hundreds of
attempts going into my computer right now. Does it really matter?

Rob,

I can get 40 blocked attempts per hour!! The guy that developed ZoneAlarm
is pretty reknowned for his work in identifying 'spyware' software, including
actions against Real Networks (Real player, Real jukebox, Real download,
etc.), PKZip and more - - I doubt he writes virii as a passtime. We could
share in the great cynic, conspiracist approach, however.