3 Comprehensive links in combat with MSBlaster Worm

From: Geoff Shively (gshively_at_pivx.com)
Date: 08/12/03

  • Next message: Charley Hamilton: "Re: What the heck is this msblast.exe"
    To: "Focus on Microsoft Mailing List" <FOCUS-MS@SECURITYFOCUS.COM>
    Date: Tue, 12 Aug 2003 13:14:27 -0700
    
    

    More DCOM Fun,
    The boards and lists are flooded with data on this little bugger. Almost too
    much data, and vital stuff gets lost in the myriad email chains and re:
    threads. I summed up these 3 links for easy access. Hope it helps.

    DCOM ISS Scanner:
    http://www.iss.net/support/product_utilities/ms03-026rpc.php
    Microsoft Patches:
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
    DCOM Cleaner for Infected Boxen:
    http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

    And remember... PATCH and block the ports 135 - 139 -445 - 593

    Cheers,

    Geoff Shively, CHO
    PivX Solutions, LLC

    Are You Secure?
    http://www.pivx.com

    ---------------------------------------------------------------------------
    Your network firewall and IDS products do not prevent Web application
    attacks - the most common form of online exploitation- resulting in Web
    defacement, data theft, sabotage and fraud.
    KaVaDo is the only company that provides a complete suite of Web
    application security products.
    Download a FREE whitepaper on "Security Policy Automation for Web
    Applications":http://www.securityfocus.com/Kavado-focus-ms
    ---------------------------------------------------------------------------


  • Next message: Charley Hamilton: "Re: What the heck is this msblast.exe"

    Relevant Pages

    • RE: attempt to launch a DCOM server?
      ... attempt to launch a DCOM server? ... Your network firewall and IDS products do not prevent Web application ... Download a FREE whitepaper on "Security Policy Automation for Web ...
      (Focus-Microsoft)
    • RE: attempt to launch a DCOM server?
      ... One intersting thing on one my servers, in the event veiwer, the user attempting to use DCOM is the IUSR account, all my applications that use DCOM are assigned specific accounts to use.I am very curious about this. ... attempt to launch a DCOM server? ... Your network firewall and IDS products do not prevent Web application ... Download a FREE whitepaper on "Security Policy Automation for Web ...
      (Focus-Microsoft)
    • 3 Comprehensive links in combat with MSBlaster Worm
      ... The boards and lists are flooded with data on this little bugger. ... and vital stuff gets lost in the myriad email chains and re: ... DCOM ISS Scanner: ...
      (Bugtraq)
    • [Full-Disclosure] 3 Comprehensive links in combat with MSBlaster Worm
      ... The boards and lists are flooded with data on this little bugger. ... and vital stuff gets lost in the myriad email chains and re: ... DCOM ISS Scanner: ...
      (Full-Disclosure)