Re: Purging Blaster.worm

From: Ken Jacobs (kenneth_jacobs_at_msn.com)
Date: 08/14/03

  • Next message: Gabriel Orozco: "Re: Transparent Screen Lock for Win NT/2000/XP" 
    To: meritt_james@bah.com, secmail@patchsupplier.dyndns.org
Date: Thu, 14 Aug 2003 13:48:39 -0400

    What's scariest about all this?

    Back in the late 70's, early 80's, a science fiction writer wrote a novel
    that envisioned scenarios much like we see today. Much of the terminology he
    used then is in common use today, as are many of the concepts. He wrote of a
    network comparable to today's internet (or maybe that of the not so distant
    future), a variety of worms (and the idea of worms that eat other worms).
    The recent flap over the DARPA 'terrorist futures'? He mentioned a 'delphic
    lottery' - the idea that if enough people bet on potential futures (similar
    to the stock market), they'd actually accurately predict future events.

    And all this back before Robert Morris' infamous worm.. (talk of ancient
    hsitory)

    >From: "Meritt James" <meritt_james@bah.com>
    >To: Stuart <secmail@patchsupplier.dyndns.org>
    >CC: security-basics@securityfocus.com
    >Subject: Re: Purging Blaster.worm
    >Date: Thu, 14 Aug 2003 09:32:04 -0400
    >
    >Yes, it is possible. No, it is not legal to do so.
    >
    >It has been done with another. The one who did it is on jail for that
    >reason. Modifying systems which belong to someone else, no matter your
    >reasons, is a no-no.
    >
    >Jim
    >
    >Stuart wrote:
    > >
    > >
    > > -----BEGIN PGP SIGNED MESSAGE-----
    > > Hash: SHA1
    > >
    > > Hi,
    > >
    > > Is it not possible to create another worm or modify this worm to
    > > actually patch the machines? :)
    > > Looking at the Symantec removal tool there is a silent mode.. A few
    > > days back I was on the Microsoft site and I also saw an option for a
    > > non interaction install for the RPC patch but looking through the
    > > site now I cannot find it :(
    > > The "fixing worm" could scan for 2 hours then purge itself?
    > >
    > > Just a thought
    > >
    > > Stu
    > >
    > > - -----Original Message-----
    > > From: Andreas Rothlauf [mailto:security@bitgui.de]
    > > Sent: 13 August 2003 21:25
    > > To: security-basics@securityfocus.com
    > > Subject: Re: Purging Blaster.worm
    > >
    > > Hi,
    > >
    > > JG> Has anyone successfully purged the MSBlaster worm. There is a
    > > tool out
    > > JG> there that can do it but is it reliable?
    > >
    > > Symantec has made a tool available:
    > > http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.to
    > > ol.html
    > >
    > > A friend told me that it works.
    > >
    > > greetZ //AndY
    > >
    > > - ----------------------------------------------------------------------
    > > - -----
    > > - ----------------------------------------------------------------------
    > > - ------
    > >
    > > -----BEGIN PGP SIGNATURE-----
    > > Version: PGP 8.0.2
    > >
    > > iQIVAwUBPzq4K5MRMj30dWmZAQIOCBAAy73WqYpzZSyjKb530Gefx+cJ3vhV73RN
    > > aiFGkEtN+zaGio14/TWNNgFEDpY3DxNtbQF5GPAtw7OBV61qTsg9NOOxAJioyZV/
    > > qftWulRdv9P7AmJ96c50ge9Gb5bVb2u6w0xIgS8pk5ButD5/z5QOOQ4mK0BRboyP
    > > Du4EdphbMQNd6DI1cdWnQV6tX++jtMh2BnUwFSIj7WTwXIpUg4/H9PzJ/TZYx5Ro
    > > swymEnfAusWUFWCljBG0PwTdNqFwmy4LWaCHJEIH/2MJ8ZdMlvUza6nX79yn12j6
    > > OmavfnW0uUEX5bp3w4qF9C1b/6C7ajRlzBmqX4gG5iY28fGC+BlPAJgwhndbsJaz
    > > id9Za7LhaErG5r3gpJiPL+Xv6nv7PCwBM0p+WhX19d1Z3JUIfmbCHekifLydmwm6
    > > bYnG5tK9oH2K3IgzmM9m5oZYOD4sf/gUrqEGI0oK5md393xdfqv/ce/mS+VvShEk
    > > 59yuldmgV6pG8Yg5FF+bKI2lf1f35J4iWRknHEa114i3+PveJgSOtMdR71h7Rrnk
    > > 8j829JAtN66Z8Ndf14U2mtMmKlIIkoiq6lnc5kvq5tjKjJFTODlR70VPWfT/fu7+
    > > C+MZulc55R2ZBp4cDe0ZriNtv9rEqWykQfc2GgIxTYvYYK1M3/861cnsoPCHudVS
    > > 37cjHXHGHds=
    > > =eKYz
    > > -----END PGP SIGNATURE-----
    > >
    > >
    >---------------------------------------------------------------------------
    > >
    >----------------------------------------------------------------------------
    >
    >--
    >James W. Meritt CISSP, CISA
    >Booz | Allen | Hamilton
    >phone: (410) 684-6566
    >
    >---------------------------------------------------------------------------
    >----------------------------------------------------------------------------
    >

    _________________________________________________________________
    Add photos to your messages with MSN 8. Get 2 months FREE*.
    http://join.msn.com/?page=features/featuredemail

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

  • Next message: Gabriel Orozco: "Re: Transparent Screen Lock for Win NT/2000/XP"

    Relevant Pages

    • RE: Should webservers, eg. IIS 6 have anti--virus installed on them?
      ... covered by A/V software. ... missed in the configuration of the web server, ... Many worms and script-kiddies use the ... > firewall), backdoor (reason for firewall), ...
      (Focus-Microsoft)
    • Re: Big Old RWD Barges
      ... Ford Capri 2.8i, 1230Kg, 160bhp ... There's a reason it was cheap, the 3.0 CSi coupe was drop dead ... Quicker, faster but for some reason no one wants them, so a lot less ... Can of worms - what every fisherman wants. ...
      (uk.rec.cars.modifications)
    • Re: Mountain bike punctures - valve being torn off.
      ... The first mountain bike guys started with converted Schwinn cruisers way ... I'd say that an excellent reason. ... Can of worms - what every fisherman wants. ...
      (uk.rec.cars.modifications)
    • Re: There you stand
      ... I still think I need more details on the Diet of Worms (never read the ... I've been waiting my whole life for a reason to say that. ...
      (alt.usage.english)
    • Re: life after Windows....
      ... Windows NT, which, as I've said, is a totally different operating system. ... That explains how all the worms and viruses running around in the wild ... You can't reason with someone whose first line of argument is ...
      (rec.travel.europe)