Re: DCOM worm is out

From: Dominick S. (dsardina_at_si.rr.com)
Date: 08/12/03

  • Next message: Scott Mercer: "RE: What the heck is this msblast.exe"
    To: Fréderic Kinnaer <Frederic@SuperChat.be>
    Date: Tue, 12 Aug 2003 10:05:47 -0400
    
    

    The patch that was issued in JULY can be found here:
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

    SARC has come up with a fix here:
    http://securityresponse.symantec.com/avcenter/FixBlast.exe

    Cert Advisory CA-2003-20 W32/Blaster worm here:
    http://www.cert.org/advisories/CA-2003-20.html

    Regards,
    DS-
    http://www.infosecnyc.com

    ----- Original Message -----
    From: "Fréderic Kinnaer" <Frederic@SuperChat.be>
    To: "Dominick S." <dsardina@si.rr.com>
    Sent: Tuesday, August 12, 2003 9:50 AM
    Subject: Re: DCOM worm is out

    > Where is this patch ??

    >
    > ----- Original Message -----
    > From: "Dominick S." <dsardina@si.rr.com>
    > To: "Marc Fossi" <mfossi@securityfocus.com>; "Focus-MS"
    > <focus-ms@securityfocus.com>
    > Sent: Tuesday, August 12, 2003 2:48 AM
    > Subject: Re: DCOM worm is out
    >
    >
    > > Thankfully I am patched way before today.
    > > But some people arent so lucky.
    > >
    > > I have a friend who just let me know..he is infected and he wrote this.
    > >
    > > From what I've seen it launches processes with various names:
    > > firedamon, dll32, msblast, runserv48, runserv16, runserv, runserv2,
    etc.
    > >
    > > Just a FYI.
    > >
    > > Stay Safe!
    > >
    > >
    > > DS-
    > > http://www.infosecnyc.com
    > >
    > >
    > >
    > >
    > >
    > > ----- Original Message -----
    > > From: "Marc Fossi" <mfossi@securityfocus.com>
    > > To: "Focus-MS" <focus-ms@securityfocus.com>
    > > Sent: Monday, August 11, 2003 4:32 PM
    > > Subject: DCOM worm is out
    > >
    > >
    > > > FYI
    > > >
    > > > http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
    > > >
    > > > Marc Fossi
    > > > Symantec Corp.
    > > > www.symantec.com
    > > >
    > >
    >
    > --------------------------------------------------------------------------
    > > -
    > > > Your network firewall and IDS products do not prevent Web application
    > > > attacks - the most common form of online exploitation- resulting in
    Web
    > > > defacement, data theft, sabotage and fraud.
    > > > KaVaDo is the only company that provides a complete suite of Web
    > > > application security products.
    > > > Download a FREE whitepaper on "Security Policy Automation for Web
    > > > Applications":http://www.securityfocus.com/Kavado-focus-ms
    > >
    >
    > --------------------------------------------------------------------------
    > > -
    > > >
    > >
    > >
    >
    > --------------------------------------------------------------------------
    > -
    > > Your network firewall and IDS products do not prevent Web application
    > > attacks - the most common form of online exploitation- resulting in Web
    > > defacement, data theft, sabotage and fraud.
    > > KaVaDo is the only company that provides a complete suite of Web
    > > application security products.
    > > Download a FREE whitepaper on "Security Policy Automation for Web
    > > Applications":http://www.securityfocus.com/Kavado-focus-ms
    >
    > --------------------------------------------------------------------------
    > -
    > >
    >

    ---------------------------------------------------------------------------
    Your network firewall and IDS products do not prevent Web application
    attacks - the most common form of online exploitation- resulting in Web
    defacement, data theft, sabotage and fraud.
    KaVaDo is the only company that provides a complete suite of Web
    application security products.
    Download a FREE whitepaper on "Security Policy Automation for Web
    Applications":http://www.securityfocus.com/Kavado-focus-ms
    ---------------------------------------------------------------------------


  • Next message: Scott Mercer: "RE: What the heck is this msblast.exe"

    Relevant Pages

    • RE: Exchange 2000 out of office
      ... Your network firewall and IDS products do not prevent Web application ... KaVaDo is the only company that provides a complete suite of Web ... Download a FREE whitepaper on "Security Policy Automation for Web ...
      (Focus-Microsoft)
    • RE: [msblast/LovSan] Detection
      ... Your network firewall and IDS products do not prevent Web application ... KaVaDo is the only company that provides a complete suite of Web ... Download a FREE whitepaper on "Security Policy Automation for Web ...
      (Focus-Microsoft)
    • Re: Detecting Blaster
      ... or a batch file that will map to each machine and see ... > application security products. ... Your network firewall and IDS products do not prevent Web application ... Download a FREE whitepaper on "Security Policy Automation for Web ...
      (Focus-Microsoft)
    • RE: Vuln scan tool for web
      ... >>Your network Firewall and IDS products do not prevent Web application ... >>assess your entire environment, automatically set positive security ... >>For more information on KaVaDo and to download a FREE white paper on Web ...
      (Pen-Test)
    • Re: Know such a webs server tool?
      ... Wnikto32 with php remote frontend avail at ... >> Your network Firewall and IDS products do not prevent Web application ... automatically set positive security ... >> For more information on KaVaDo and to download a FREE white paper on ...
      (Pen-Test)