Anyone else was attacked? Two nights ago my PC went nuts! This new worm affects the Remote Procedure Call (RPC) and makes the computer restart every 1 minute.

This is a huge massive worldwide attack and I recommend everyone to avoid this headache by installing this patch from Microsoft:
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp

Believe me, I had to fight this by restarting the PC 10-15 times until I managed to download and install the patch.

I know at least 10 other people who were attacked the same night. Were you?

nope...this patch has been around since July 16. I applied it when they warned me about it..... :)-

Originally posted by gish
nope...this patch has been around since July 16. I applied it when they warned me about it..... :)-

Boy, you are the smart one! lol Previously I never did any updates. :wtf:






Now I will. :shout: :computer:

There's always the smartest update, which is called Linux. ;-)

Originally posted by Smerdyakov
Linux. ;-)

Heard it was the greatest patch of them all!

nah..linux is useless....it is a big virus if you ask me....steals code as well.......

gish is right, buy a mac.

Let the flaming begin! ;)

Seriously though, everything has its place and nothing is more secure than the habits of the end user. If every end user did a basic install of linux and never updated, it would probably get press just as bad as MS.

exactly...i was only kidding anyway....and the guys around here know that.....

very true jamessan. the other thing to consider is that virus writers will obviously target the most wide spread system. not only is there a higher probability that the worm will propagate, but also it will affect more users and therefore up the press coverage.

all I know is that some little thirteen year old kid somewhere is laughing right now.

Well, getting back on to topic, sort of, if anyone is running a router, you should check this (http://isc.sans.org/diary.html?date=2003-08-11) document to see what ports you should be blocking.

Symantec has listed Snort IDS signatures to detect here (https://tms.symantec.com/members/AnalystReports/030811-Alert-DCOMworm.pdf).

Of course, Snort works great under Linux, and Linux also has Netfilter as well...

You also have to remember that Windows XP came out in like 2001. It will be open to many exploits if you don't go to Windows Update after install. Redhat 9 came out early last year I think so it would also be vulnerable to attack unless you patched it. Of course, they both do offer integrated firewalls so you could just enable those.

-Graham

Our company network was Blaster free until a salesman brought the blasted thing in on a laptop...I still wanna shoot 'im for that. Firewalls are GOOD!