[Dshield] Windows 2000 users: "Patch now or else..."

mjcarter@ihug.co.nz mjcarter at ihug.co.nz
Mon Aug 15 02:26:35 GMT 2005


I'm typing this quickly, due to a huge increase in my
workload past hour.

A customer of mine got hit today (about 60 minutes ago) by
what looks like
http://www.f-secure.com/v-descs/zotob_a.shtml

at least the ports match 8888

Causing services.exe to crash (noisey) on unpatched win2k
sp4 systems. Haven't come accross the infection yet but have
picked up attempts in my firewall.

I think I'm going to have a busy day :-)

Patch up everyone!

Mike
www.infosec.co.nz

> I thought it (UPnP) was to allow you to control your
> coffee maker, refrigerator, and toaster over the Internet
> -- not to mention your friendly neighborhood soda machine
> ;-)
>
> -Ed
> -----Original Message-----
> From: Valdis.Kletnieks at vt.edu
> Date: Sun, 14 Aug 2005 17:52:10
> To:General DShield Discussion List
> <list at lists.dshield.org> Subject: Re: [Dshield] Windows
> 2000 users: "Patch now or else..."
>
> On Sun, 14 Aug 2005 15:26:44 EDT, "Johannes B. Ullrich"
> said:
>
> > UPnP (Universal Plug and Play) on the other hand is a
> > service to discover network resources and adjust
> firewall rules on the fly.
>
> I still want to know what dim bulb thought that UPnP was a
> good idea.
>
> I mean, c'mon.  A defined API so malware can send a "Pants
> Down!" command to the firewall?  What were they
> *thinking*? :)
>
>
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
>
>
> Cheers,
> -E D Truitt
>
> Sent via my BlackBerry from Cingular Wireless
>
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
>


More information about the list mailing list