[Dshield] massive attack to rpc?

Keith Gainford keith.gainford at btopenworld.com
Mon Aug 11 19:52:30 GMT 2003


----- Original Message ----- 
From: "isaac perez" <pobletman at hotmail.com>
To: <list at dshield.org>
Sent: Monday, August 11, 2003 8:40 PM
Subject: [Dshield] massive attack to rpc?


| Hi,
| I'm new on this list, anyone knows what happens with a problem of rpc that
| makes the system shutdown?
| It seems a massive attack like the old code red, but isnt directed to one
| host, its directed to a large number of host and did by different ips.
| My location its in spain, but i think the "attacker" ips come from
different
| countries, so i suppose it happens the same in "all" the world.
| Thanks, I had reported my logs to dshield.
| And waiting for the notices.....
|
| Sorry for my expressions the english isn't my first language.
|

There is currently a virus spreading across the net which basically leaves
you open to hackers by using the RPC feature of Windows NT based systems
(NT/2000/XP).

Symptoms of the virus are:

Your computer will shut itself down and then restart in order to allow the
virus to finish propogating itself

Antivirus software will NOT detect this as it is a modified version of
useful program code!

Please all ensure that you have downloaded the critical system updates
supplied by Microsoft:

Microsoft Windows 2000 Advanced Server SP4:

Microsoft Patch Windows2000-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en

Microsoft Windows 2000 Advanced Server SP3:
Microsoft Patch Windows2000-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en

Microsoft Windows 2000 Advanced Server SP2:
Microsoft Windows 2000 Datacenter Server SP4:
Microsoft Windows 2000 Datacenter Server SP3:
Microsoft Windows 2000 Datacenter Server SP2:
Microsoft Windows 2000 Professional SP4:
Microsoft Patch Windows2000-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en

Microsoft Windows 2000 Professional SP3:
Microsoft Patch Windows2000-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en

Microsoft Windows 2000 Professional SP2:
Microsoft Windows 2000 Server SP4:
Microsoft Patch Windows2000-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en

Microsoft Windows 2000 Server SP3:
Microsoft Patch Windows2000-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en

Microsoft Windows 2000 Server SP2:
Microsoft Windows NT Enterprise Server 4.0 SP6a:
Microsoft Patch Q823980i.EXE
http://microsoft.com/downloads/details.aspx?FamilyId=2CC66F4E-217E-4FA7-BDBF-DF77A0B9303F&displaylang=en

Microsoft Windows NT Server 4.0 SP6a:
Microsoft Patch Q823980i.EXE
http://microsoft.com/downloads/details.aspx?FamilyId=2CC66F4E-217E-4FA7-BDBF-DF77A0B9303F&displaylang=en

Microsoft Windows NT Terminal Server 4.0 SP6a:
Microsoft Patch Q823980i.EXE
http://microsoft.com/downloads/details.aspx?FamilyId=6C0F0160-64FA-424C-A3C1-C9FAD2DC65CA&displaylang=en

Microsoft Windows NT Workstation 4.0 SP6a:
Microsoft Patch Q823980i.EXE
http://microsoft.com/downloads/details.aspx?FamilyId=2CC66F4E-217E-4FA7-BDBF-DF77A0B9303F&displaylang=en

Microsoft Windows Server 2003 Datacenter Edition :
Microsoft Windows Server 2003 Datacenter Edition 64-bit :
Microsoft Windows Server 2003 Enterprise Edition :
Microsoft Patch WindowsServer2003-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=F8E0FF3A-9F4C-4061-9009-3A212458E92E&displaylang=en

Microsoft Windows Server 2003 Enterprise Edition 64-bit :
Microsoft Patch WindowsServer2003-KB823980-ia64-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=2B566973-C3F0-4EC1-995F-017E35692BC7&displaylang=en

Microsoft Windows Server 2003 Standard Edition :
Microsoft Patch WindowsServer2003-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=F8E0FF3A-9F4C-4061-9009-3A212458E92E&displaylang=en

Microsoft Windows Server 2003 Web Edition :
Microsoft Patch WindowsServer2003-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=F8E0FF3A-9F4C-4061-9009-3A212458E92E&displaylang=en

Microsoft Windows XP 64-bit Edition SP1:
Microsoft Patch WindowsXP-KB823980-ia64-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=1B00F5DF-4A85-488F-80E3-C347ADCC4DF1&displaylang=en

Microsoft Windows XP 64-bit Edition :
Microsoft Windows XP Home SP1:
Microsoft Patch WindowsXP-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=2354406C-C5B6-44AC-9532-3DE40F69C074&displaylang=en

Microsoft Windows XP Home :
Microsoft Windows XP Professional SP1:
Microsoft Patch WindowsXP-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=2354406C-C5B6-44AC-9532-3DE40F69C074&displaylang=en

Microsoft Windows XP Professional :
References
Source: Microsoft Security Bulletin MS03-026
URL:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp




More information about the list mailing list