Re: Purging Blaster.worm

From: Duston Sickler (dustons_at_charter.net)
Date: 08/14/03

  • Next message: Meritt James: "Re: Purging Blaster.worm"
    To: "Stuart" <secmail@patchsupplier.dyndns.org>, <security-basics@securityfocus.com>
    Date: Wed, 13 Aug 2003 19:53:21 -0500
    
    

    You would be stepping on a lot of toes by doing that. Not to mention
    breaking several laws.

    This hack patch discussion has been had before. The area sounds appealing
    but when it comes down to who is responsible if the "Patch Worm" breaks my
    "whatever" it starts to loose its luster.

    Duston Sickler
    CompTIA A+ Certified
    "Cedo nulli."
    ----- Original Message -----
    From: "Stuart" <secmail@patchsupplier.dyndns.org>
    To: <security-basics@securityfocus.com>
    Sent: Wednesday, August 13, 2003 5:14 PM
    Subject: RE: Purging Blaster.worm

    >
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Hi,
    >
    > Is it not possible to create another worm or modify this worm to
    > actually patch the machines? :)
    > Looking at the Symantec removal tool there is a silent mode.. A few
    > days back I was on the Microsoft site and I also saw an option for a
    > non interaction install for the RPC patch but looking through the
    > site now I cannot find it :(
    > The "fixing worm" could scan for 2 hours then purge itself?
    >
    > Just a thought
    >
    > Stu
    >
    > - -----Original Message-----
    > From: Andreas Rothlauf [mailto:security@bitgui.de]
    > Sent: 13 August 2003 21:25
    > To: security-basics@securityfocus.com
    > Subject: Re: Purging Blaster.worm
    >
    > Hi,
    >
    > JG> Has anyone successfully purged the MSBlaster worm. There is a
    > tool out
    > JG> there that can do it but is it reliable?
    >
    > Symantec has made a tool available:
    > http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.to
    > ol.html
    >
    > A friend told me that it works.
    >
    > greetZ //AndY
    >
    >
    >
    > - ----------------------------------------------------------------------
    > - -----
    > - ----------------------------------------------------------------------
    > - ------
    >
    >
    > -----BEGIN PGP SIGNATURE-----
    > Version: PGP 8.0.2
    >
    > iQIVAwUBPzq4K5MRMj30dWmZAQIOCBAAy73WqYpzZSyjKb530Gefx+cJ3vhV73RN
    > aiFGkEtN+zaGio14/TWNNgFEDpY3DxNtbQF5GPAtw7OBV61qTsg9NOOxAJioyZV/
    > qftWulRdv9P7AmJ96c50ge9Gb5bVb2u6w0xIgS8pk5ButD5/z5QOOQ4mK0BRboyP
    > Du4EdphbMQNd6DI1cdWnQV6tX++jtMh2BnUwFSIj7WTwXIpUg4/H9PzJ/TZYx5Ro
    > swymEnfAusWUFWCljBG0PwTdNqFwmy4LWaCHJEIH/2MJ8ZdMlvUza6nX79yn12j6
    > OmavfnW0uUEX5bp3w4qF9C1b/6C7ajRlzBmqX4gG5iY28fGC+BlPAJgwhndbsJaz
    > id9Za7LhaErG5r3gpJiPL+Xv6nv7PCwBM0p+WhX19d1Z3JUIfmbCHekifLydmwm6
    > bYnG5tK9oH2K3IgzmM9m5oZYOD4sf/gUrqEGI0oK5md393xdfqv/ce/mS+VvShEk
    > 59yuldmgV6pG8Yg5FF+bKI2lf1f35J4iWRknHEa114i3+PveJgSOtMdR71h7Rrnk
    > 8j829JAtN66Z8Ndf14U2mtMmKlIIkoiq6lnc5kvq5tjKjJFTODlR70VPWfT/fu7+
    > C+MZulc55R2ZBp4cDe0ZriNtv9rEqWykQfc2GgIxTYvYYK1M3/861cnsoPCHudVS
    > 37cjHXHGHds=
    > =eKYz
    > -----END PGP SIGNATURE-----
    >
    >
    > --------------------------------------------------------------------------
    -
    > --------------------------------------------------------------------------

    --
    >
    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------
    

  • Next message: Meritt James: "Re: Purging Blaster.worm"