Re: Purging Blaster.worm

From: Ken Jacobs (kenneth_jacobs_at_msn.com)
Date: 08/14/03

  • Next message: Gabriel Orozco: "Re: Transparent Screen Lock for Win NT/2000/XP"
    To: meritt_james@bah.com, secmail@patchsupplier.dyndns.org
    Date: Thu, 14 Aug 2003 13:48:39 -0400
    
    

    What's scariest about all this?

    Back in the late 70's, early 80's, a science fiction writer wrote a novel
    that envisioned scenarios much like we see today. Much of the terminology he
    used then is in common use today, as are many of the concepts. He wrote of a
    network comparable to today's internet (or maybe that of the not so distant
    future), a variety of worms (and the idea of worms that eat other worms).
    The recent flap over the DARPA 'terrorist futures'? He mentioned a 'delphic
    lottery' - the idea that if enough people bet on potential futures (similar
    to the stock market), they'd actually accurately predict future events.

    And all this back before Robert Morris' infamous worm.. (talk of ancient
    hsitory)

    >From: "Meritt James" <meritt_james@bah.com>
    >To: Stuart <secmail@patchsupplier.dyndns.org>
    >CC: security-basics@securityfocus.com
    >Subject: Re: Purging Blaster.worm
    >Date: Thu, 14 Aug 2003 09:32:04 -0400
    >
    >Yes, it is possible. No, it is not legal to do so.
    >
    >It has been done with another. The one who did it is on jail for that
    >reason. Modifying systems which belong to someone else, no matter your
    >reasons, is a no-no.
    >
    >Jim
    >
    >Stuart wrote:
    > >
    > >
    > > -----BEGIN PGP SIGNED MESSAGE-----
    > > Hash: SHA1
    > >
    > > Hi,
    > >
    > > Is it not possible to create another worm or modify this worm to
    > > actually patch the machines? :)
    > > Looking at the Symantec removal tool there is a silent mode.. A few
    > > days back I was on the Microsoft site and I also saw an option for a
    > > non interaction install for the RPC patch but looking through the
    > > site now I cannot find it :(
    > > The "fixing worm" could scan for 2 hours then purge itself?
    > >
    > > Just a thought
    > >
    > > Stu
    > >
    > > - -----Original Message-----
    > > From: Andreas Rothlauf [mailto:security@bitgui.de]
    > > Sent: 13 August 2003 21:25
    > > To: security-basics@securityfocus.com
    > > Subject: Re: Purging Blaster.worm
    > >
    > > Hi,
    > >
    > > JG> Has anyone successfully purged the MSBlaster worm. There is a
    > > tool out
    > > JG> there that can do it but is it reliable?
    > >
    > > Symantec has made a tool available:
    > > http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.to
    > > ol.html
    > >
    > > A friend told me that it works.
    > >
    > > greetZ //AndY
    > >
    > > - ----------------------------------------------------------------------
    > > - -----
    > > - ----------------------------------------------------------------------
    > > - ------
    > >
    > > -----BEGIN PGP SIGNATURE-----
    > > Version: PGP 8.0.2
    > >
    > > iQIVAwUBPzq4K5MRMj30dWmZAQIOCBAAy73WqYpzZSyjKb530Gefx+cJ3vhV73RN
    > > aiFGkEtN+zaGio14/TWNNgFEDpY3DxNtbQF5GPAtw7OBV61qTsg9NOOxAJioyZV/
    > > qftWulRdv9P7AmJ96c50ge9Gb5bVb2u6w0xIgS8pk5ButD5/z5QOOQ4mK0BRboyP
    > > Du4EdphbMQNd6DI1cdWnQV6tX++jtMh2BnUwFSIj7WTwXIpUg4/H9PzJ/TZYx5Ro
    > > swymEnfAusWUFWCljBG0PwTdNqFwmy4LWaCHJEIH/2MJ8ZdMlvUza6nX79yn12j6
    > > OmavfnW0uUEX5bp3w4qF9C1b/6C7ajRlzBmqX4gG5iY28fGC+BlPAJgwhndbsJaz
    > > id9Za7LhaErG5r3gpJiPL+Xv6nv7PCwBM0p+WhX19d1Z3JUIfmbCHekifLydmwm6
    > > bYnG5tK9oH2K3IgzmM9m5oZYOD4sf/gUrqEGI0oK5md393xdfqv/ce/mS+VvShEk
    > > 59yuldmgV6pG8Yg5FF+bKI2lf1f35J4iWRknHEa114i3+PveJgSOtMdR71h7Rrnk
    > > 8j829JAtN66Z8Ndf14U2mtMmKlIIkoiq6lnc5kvq5tjKjJFTODlR70VPWfT/fu7+
    > > C+MZulc55R2ZBp4cDe0ZriNtv9rEqWykQfc2GgIxTYvYYK1M3/861cnsoPCHudVS
    > > 37cjHXHGHds=
    > > =eKYz
    > > -----END PGP SIGNATURE-----
    > >
    > >
    >---------------------------------------------------------------------------
    > >
    >----------------------------------------------------------------------------
    >
    >--
    >James W. Meritt CISSP, CISA
    >Booz | Allen | Hamilton
    >phone: (410) 684-6566
    >
    >---------------------------------------------------------------------------
    >----------------------------------------------------------------------------
    >

    _________________________________________________________________
    Add photos to your messages with MSN 8. Get 2 months FREE*.
    http://join.msn.com/?page=features/featuredemail

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: Gabriel Orozco: "Re: Transparent Screen Lock for Win NT/2000/XP"