[Dshield] New Virus information
haled at pionet.net
Fri Nov 21 16:43:29 GMT 2003
Symantec has posted information about a new virus on their web site. The
name of the virus is W32.Bolgi.Worm. You may want to take a look at the
information about it
I can just see some unsuspecting user falling for this social engineering
Here is an excerpt from Symantec on the text contents of the email:
!!!!!!!!! YOUR COMPUTER IS VULNERABLE TO THE RPC EXPLOIT !!!!!!!!!
THE PATCH HAS AUTOMATICALLY BEEN DOWNLOADED TO YOUR DESKTOP AND IS RUNNING
PLEASE FOLLOW ITS INSTRUCTIONS
AFTER IT IS INSTALLED, RUN A VIRUS SCAN IMMEDIATELY
IT IS EVEN RECCOMMENDED TO REFORMAT YOUR SYSTEM(don't forget to patch
The Microsoft security bulletin and patch download location is at:
www.microsoft.com <exact URL removed>.
Look for any suspicious programs running in your task manager and go to
start->run and type 'msconfig'. Go to the last tab, 'Startup' and look for
anything that's suspicious such as 'mscfg.exe', 'program.exe', 'svhost.exe'
or something. If you find anything like this, uncheck the checkbox next to
it and it will be disabled. If you see 'RPC Patcher' and 'rpcpatcher.exe'
that is this program. It would be nice if you left it checked for a while so
your computer could help others patch thier systems, but if you really want
you can uncheck it and/or delete rpcpatcher.exe from your system folder.
Doing a search at www.google.com for anything suspicous you find is also a
It appears to be using TCP ports 5732, 445, and 69.

Thought you might like to know.
Deb