Re: Purging Blaster.worm

From: Duston Sickler (dustons_at_charter.net)
Date: 08/14/03

  • Next message: Meritt James: "Re: Purging Blaster.worm"
    To: "Stuart" <secmail@patchsupplier.dyndns.org>, <security-basics@securityfocus.com>
    Date: Wed, 13 Aug 2003 19:53:21 -0500
    
    

    You would be stepping on a lot of toes by doing that. Not to mention
    breaking several laws.

    This hack patch discussion has been had before. The area sounds appealing
    but when it comes down to who is responsible if the "Patch Worm" breaks my
    "whatever" it starts to loose its luster.

    Duston Sickler
    CompTIA A+ Certified
    "Cedo nulli."
    ----- Original Message -----
    From: "Stuart" <secmail@patchsupplier.dyndns.org>
    To: <security-basics@securityfocus.com>
    Sent: Wednesday, August 13, 2003 5:14 PM
    Subject: RE: Purging Blaster.worm

    >
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Hi,
    >
    > Is it not possible to create another worm or modify this worm to
    > actually patch the machines? :)
    > Looking at the Symantec removal tool there is a silent mode.. A few
    > days back I was on the Microsoft site and I also saw an option for a
    > non interaction install for the RPC patch but looking through the
    > site now I cannot find it :(
    > The "fixing worm" could scan for 2 hours then purge itself?
    >
    > Just a thought
    >
    > Stu
    >
    > - -----Original Message-----
    > From: Andreas Rothlauf [mailto:security@bitgui.de]
    > Sent: 13 August 2003 21:25
    > To: security-basics@securityfocus.com
    > Subject: Re: Purging Blaster.worm
    >
    > Hi,
    >
    > JG> Has anyone successfully purged the MSBlaster worm. There is a
    > tool out
    > JG> there that can do it but is it reliable?
    >
    > Symantec has made a tool available:
    > http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.to
    > ol.html
    >
    > A friend told me that it works.
    >
    > greetZ //AndY
    >
    >
    >
    > - ----------------------------------------------------------------------
    > - -----
    > - ----------------------------------------------------------------------
    > - ------
    >
    >
    > -----BEGIN PGP SIGNATURE-----
    > Version: PGP 8.0.2
    >
    > iQIVAwUBPzq4K5MRMj30dWmZAQIOCBAAy73WqYpzZSyjKb530Gefx+cJ3vhV73RN
    > aiFGkEtN+zaGio14/TWNNgFEDpY3DxNtbQF5GPAtw7OBV61qTsg9NOOxAJioyZV/
    > qftWulRdv9P7AmJ96c50ge9Gb5bVb2u6w0xIgS8pk5ButD5/z5QOOQ4mK0BRboyP
    > Du4EdphbMQNd6DI1cdWnQV6tX++jtMh2BnUwFSIj7WTwXIpUg4/H9PzJ/TZYx5Ro
    > swymEnfAusWUFWCljBG0PwTdNqFwmy4LWaCHJEIH/2MJ8ZdMlvUza6nX79yn12j6
    > OmavfnW0uUEX5bp3w4qF9C1b/6C7ajRlzBmqX4gG5iY28fGC+BlPAJgwhndbsJaz
    > id9Za7LhaErG5r3gpJiPL+Xv6nv7PCwBM0p+WhX19d1Z3JUIfmbCHekifLydmwm6
    > bYnG5tK9oH2K3IgzmM9m5oZYOD4sf/gUrqEGI0oK5md393xdfqv/ce/mS+VvShEk
    > 59yuldmgV6pG8Yg5FF+bKI2lf1f35J4iWRknHEa114i3+PveJgSOtMdR71h7Rrnk
    > 8j829JAtN66Z8Ndf14U2mtMmKlIIkoiq6lnc5kvq5tjKjJFTODlR70VPWfT/fu7+
    > C+MZulc55R2ZBp4cDe0ZriNtv9rEqWykQfc2GgIxTYvYYK1M3/861cnsoPCHudVS
    > 37cjHXHGHds=
    > =eKYz
    > -----END PGP SIGNATURE-----
    >
    >
    > --------------------------------------------------------------------------
    -
    > --------------------------------------------------------------------------

    --
    >
    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------
    

  • Next message: Meritt James: "Re: Purging Blaster.worm"

    Relevant Pages

    • RE: Purging Blaster.worm
      ... Subject: Purging Blaster.worm ... This hack patch discussion has been had before. ... but when it comes down to who is responsible if the "Patch Worm" breaks my ... > Looking at the Symantec removal tool there is a silent mode.. ...
      (Security-Basics)
    • RE: disinfection tool
      ... > Perhaps a very controversial viewpoint is using the backdoor installed by the ... > copycat code red worm to patch these systems. ... > This list is provided by the SecurityFocus ARIS analyzer service. ...
      (Incidents)
    • Re: Will patch fix an already affected computer
      ... The patch will fix the vulnerability, but won't remove the worm. ... Windows XP, Windows 2000, Windows Server 2003, Windows NT ...
      (microsoft.public.security)
    • Re: rpc errors
      ... Nice advice, but note that if you have the worm, installing the patch isn't ... Windows XP, Windows 2000, Windows Server 2003, Windows NT ... Anti-Virus vendor to detect new viruses and their variants. ...
      (microsoft.public.win2000.security)
    • Re: ICF
      ... No I have not being able to run the patch for the Blaster ... >Disinfecting from the Blaster worm also requires that you ... >without the firewall, ...
      (microsoft.public.security.virus)