Re: There seems to be a massive denial of service attack going on

From: Jupiter Jones [MVP] (
Date: 08/12/03

Date: Mon, 11 Aug 2003 16:26:49 -0600

First, IMMEDIATELY disconnect from the internet before a "friend"
leaves a gift on your computer for you.
DO NOT reconnect until this issue is resolved.

Install or enable a firewall immediately.

Run an updated virus scan.
Or Scan for Viruses online:

Also be sure to update immediately to prevent this in the future:

This will tell you more:

Jupiter Jones  [MVP]
An easier way to read newsgroup messages:
"Mark Jerome" <> wrote in message
> I too am seeing many of my clients remote PC's going down with this
same RPC
> and COM+  errors. The NT Authority auto shutdown that everyone is
> about.
> Basically all our users behind a firewall are not experiencing this
> Remote users that acces the interent and then come to our servers by
way of
> terminal connection are dropping like flies.
> We have lost many systems today all going down one after another.
> These remote systems, since they use slow dialup were not patched
> this RPC exploit. We are trying to now but MS site seems swamped and
we are
> unable.  Fortunately these people can stay up because they can RAS
into our
> firewalled site and then user their browser to get the update. Users
> only have internet access can not stay up long enough to get
> All systems affected have the MSBlast.exe file that some poeple have
> about.
> Does any security person know whats going on?
> How is the DOS working? Where is it coming from? Any word from
Symantec or
> Macafee on what msblast.exe is and what other files may have been