[Dshield] Regarding SANS NewsBites Vol.5

Paul Marsh pmarsh at nmefdn.org
Wed Aug 13 17:28:56 GMT 2003


I'm sure everyone on the list just received this or is in the process of receiving it. Please check out the Washington Post article about "How-To" and notice the steps in recovery from ISS. Is it me, or is everyone missing the point? This thing is a rooter! Infect, compromise, install backdoors, and then let the user follow the steps outlined: update AV, install patches until the cows come home. It makes no difference; you've been rooted, and you have no idea what could have been or has been installed on your system. Fdisk and reinstall!

TOP OF THE NEWS

 --Windows Worm Spreading
(11 August 2003)
A worm that exploits the widespread Windows RPC DCOM vulnerability is
spreading quickly, according to the Internet Storm Center.  Alternately
called "Blaster" and "LovSan," the worm infects Windows 2000 and Windows
XP systems and often causes them to repeatedly crash. SANS Internet
Storm Center issued one of the earliest advisories about the worm.  As
many as 1.4 million systems have been infected as of 4 PM EDT, Tuesday.
That is at least four times the number infected by Code Red.
http://www.washingtonpost.com/wp-dyn/articles/A46233-2003Aug11.html
Useful "How-To" for cleaning it off your system: 
http://www.washingtonpost.com/wp-dyn/articles/A49251-2003Aug12.html
Technical description at SANS Internet Storm Center:
http://isc.sans.org/diary.html?date=2003-08-11
http://news.com.com/2102-1002_3-5062364.html?tag=ni_print
http://www.cert.org/advisories/CA-2003-20.html



