Who else got hit by the worm? (msblast)

Mark said:
I've been so tempted to go to Linux, it's just a matter of being convinced that it's an easy (and worthwhile) switch... (ie, able to find apps that do all that I need to do)
Click to expand...

If you're not quite sure, and you've got plenty of time and/or bandwidth, give knoppix a go.

http://www.knoppix.net/

Apparently it comes with all the "normal" type stuff (word processors, graphics programs and the like) and it runs off a bootable CD. Just pop it in and you're away! No messy installs and rollbacks! It's a 700 meg download.

I haven't used it myself, but it's meant to be a pretty good package, although it's probably a bit slow (as you'd expect, running off a CD and all)
 
Mark said:
I've been so tempted to go to Linux, it's just a matter of being convinced that it's an easy (and worthwhile) switch... (ie, able to find apps that do all that I need to do)
Click to expand...


Do it now, it's so much stable, using as the os on your server is highly recommended. Most applications have an almost exact port on linux, it takes some time to get used to using the konsole(linux command prompt) but apart from that it's great.

Looks so much nicer to, I recomend geting the Debian shell.
 
The Trooper said:
I got the Panda Quick Remove thing) which got rid of all traces of it on the computer.
Click to expand...

What have you got against pandas, Trent? If I had a panda I'd feed it and give it all the love and atention it needed, not find some gadget to remove it. Did it shit on your computer or something?

If you ever have a surplus of pandas in future, please send one my way. I've always wanted one.


Oh, and I'm using Windows 98, which is rather alright.
 
This virus/worm is a monster.

I look after the helpdesk for a large ISP and we are seeing a higher call volume due to this worm than any other virus that i can ever recall.

Luckily we blocked Port 135 on our core network to stop any more infections for our customers quite early on in the peace. In the first 5 hours of blocking the port we stopped 43 MILLION(!) attacks.

Not a fun time to be in technical support! :(
 
Koichi said:
Do it now, it's so much stable, using as the os on your server is highly recommended. Most applications have an almost exact port on linux, it takes some time to get used to using the konsole(linux command prompt) but apart from that it's great.

Looks so much nicer to, I recomend geting the Debian shell.
Click to expand...

Debian shell? Debian's a distribution, and apparently a very very good one. They only package rock-solid stable apps, but as a result of that it tends to be a few versions out of date. It's also what knoppix (as mentioned above) is based on.

When I use Linux, which ain't as often as it should be, I like Mandrake. It's more 'cutting edge' application wise and is supposedly newbie friendly.

Koich is right, most apps have an equivalent on Linux, but there's woefully few one-to-one ports. But what there is is usually free and open. Open source is good.
 
If one of the networked pcs IS on the net then the others on the network will get it is what phloggy meant I think :)
 
Spawny's kinda right, except even you don't even need an active connection. For example, say you have a totally offline network so it's all nice and secure. I come around with my MSBlast infected laptop with no net connection, plug into your network and boom. Blasted.

It's because this is a worm that acts kinda differently to your regular worm. This one does a port scan on the network and sends itself to any open ports it finds.
 
Batten down the hatches, here it comes again:

====================================

http://www.kasperskylabs.com/news.html?id=985370

Kaspersky Labs, a leading expert in information security, has identified a new modification of the notorious Lovesan worm (also know as "Blaster"). Kaspersky Labs' experts anticipate that in the short run a repeated outbreak of the global scale may occur. This is because the two versions of "Lovesan" exploit the same vulnerability in Windows and may co-exist on the same computer. "In other words, all computers infected by the original "Lovesan" will soon be attacked by its revamped versio," commented Eugene Kaspersky, Head of Anti-Virus Research for Kaspersky Labs, "Taking into consideration that the amount of infected systems is now reaching 300,000 the return of the worm will imply a doubling of this number and lead to unpredictable results." In the worst case scenario the world community might face a global Internet slow-down and regional disruption of access to the World Wide Web: just as it happened in January 2003 due to the "Slammer" worm. Technologically, the new modification of "Lovesan" is a copycat of the original. Slight changes were made only to the appearance of the worm: a new name of the main worm-carrier file (TEEKIDS.EXE instead of MSBLAST.EXE), a different method of code compression (FSG instead of UPX), and new "copyright" strings in the body of the worm abusing Microsoft and anti-virus developers. Users of Kaspersky® Anti-Virus can be sure that this new worm will not harm to their computers. All Kaspersky Labs products effectively detect both modifications of "Lovesan", without requiring an update.

====================================

Apparently it's meant to happen over the weekend.
 
How is this virus contracted? Am I right in assuming the user doesn't have to download something like other such viruses? Which would explain why its so widely spread.
 
You must log in or register to reply here.

Similar threads

Cat5Messiah
New worm floating around
Replies
34
Views
931
CoB Off-topic
bodomite
B
Captain Beard
BioShock Demo Installs SecuROM Service
Replies
1
Views
2K
Nevermore
Liverslapper
L
Captain Beard
We're in serious trouble.
Replies
10
Views
299
Nevermore
MethodicalWasteManagement
M
0
PC'S ROCK!!!
Replies
19
Views
1K
Andy Sneap
Hopkins-WitchfinderGeneral
H
Styvo
Firewire Issue Requesting Computer Savy Input
Replies
0
Views
347
Backline
Styvo
S
Top Bottom
Back