Re: Yet another Mass e-mail worm TM - Gibe-F/Swen-A - E-mail from Microsoft

From: Juha Laiho (Juha.Laiho_at_iki.fi)
Date: 09/20/03


Date: Sat, 20 Sep 2003 05:22:01 GMT

Rev Turd Fredericks <turdfred@catholic.org> said:
>>> My wife got the msblast virus merely by turning off her firewall
>>> to play a game.
...
>The firewall was disabled because it sometimes interferes with the
>game, I have since fixed that and the game can be played with the
>firewall on.
...
>The only reason we found out was when she re-enabled her firewall, the
>firewall warning window popped up and asked "msblast.exe requests a
>connection to IP xxx.xxx.xxx.xxx". msblast takes advantage of an RPC
>vulnerability.

And fixes to close the RPC hole used by msblast were published by
Microsoft some months before the msblast attack, if I recall correctly.

If the machine in question is running NT 4.0 workstation, it might be
that the fix is not available, as the OS is no longer supported by MS,
in which case the firewall is the only remaining protection. But _if_
the OS was something for which the fix was available, this infection
was caused by user ignorance/negligence.

It is unfortunate the Internet has turned this way, that everyone
connecting to it must be acutely aware of security issues. And it is
unfortunate the integrity of software available is what it is (for
those starting to advocate open source software at this point, look
at recent issues with sendmail, OpenSSH, some ftp daemons, etc; perhaps
not as bad as Microsoft side, but not completely solid, either).

-- 
Wolf  a.k.a.  Juha Laiho     Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
         PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)

