Blaster Worm

plumlazy · Aug 13, 2003

Quote from TMTrader:

oh that, I do that also when everyone IS looking.
More...

LMAO

RAMOUTAR · Aug 13, 2003

Quote from plumlazy:

I haven't heard of it, but my version is about a yr old.
However, this question comes to mind. Why would you ping an intruder and even let him no that you exist, when basically B-Ice has made it look as if you don't exist?

What I'm trying to say is, if he doesn't know that you're there, why tell him. (could he not trace your ping and establish that your ip address does indeed exist?) I'm not sure, I'm no techie, I have a pretty simple mind...so I don't know all of the ins and outs of this stuff, but if my firewall told him I wasn't even there, I don't think I'd ping him. I'd leave well enough alone.
More...

You got me there PL. I have had persistent intruders, a "ping of death" would crash their PC. Retribution I suppose. Good point.

plumlazy · Aug 13, 2003

Quote from RAMOUTAR:

You got me there PL. I have had persistent intruders, a "ping of death" would crash their PC. Retribution I suppose. Good point.
More...

I have heard of a "ping of death" = crash their pc.....I just haven't heard of it being associated with B-Ice.

I like retribution just as much as the next guy. = don't get mad - get even !

But the way I see it, if I ping him and somehow he gets back to me and we get into a hacking war, I'll lose for sure...lol...

Sometimes a good run beats a bad stand.

TM_Direct · Aug 13, 2003

i spent an hour trying the xp patch at home and it did not work...
any suggestions? My computer closes down after about 4 minutes on line

MarkB · Aug 13, 2003

Quote from TM_Direct:

i spent an hour trying the xp patch at home and it did not work...
any suggestions? My computer closes down after about 4 minutes on line
More...

Remove the worm:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

BEFORE you patch.

If your system is locking up or rebooting, end the task MSBLAST.EXE in order to buy more time.

CalTrader · Aug 14, 2003

Actually even before MS posted the patch in early July there was clear evidence that mischief would occur in the near future back in March: anyone watching their public facing networks would have seen a marked increase in scans on these particular MS ports: 135 - 139, 445 etc.

The best advice is to have a monitoring system that you actually check or that alerts you to increased activity in a certain area. This way you know the exploits people are attempting: once your public facing systems are locked down it is very difficult for an intruder to comprimise your systems.

If you are concerned about snooping there are numerous free sites on the internet run by government or academia that offer useful information: one of them is cert.org which you can check for after the fact notices of particular internet - wide problems.

ArchAngel · Aug 14, 2003

Quote from TM_Direct:
i spent an hour trying the xp patch at home and it did not work...any suggestions? My computer closes down after about 4 minutes on line
More...

The MS update/patch doesn't remove the worm - it only stops it from getting in. If your machine is already infected, the patch won't kill it - you've got to get rid of the worm (kill the msblast.exe task from the task manager and then delete the msblast.exe from your hard drive).

Then get a NAT router to front end you to the internet to block all such inbound hack attempts. If you're on dialup instead of broadband, you'll have to install firewall software instead of the cheaper/easier hardware solution.

Log in or Sign up

Blaster Worm

plumlazy

RAMOUTAR

plumlazy

TM_Direct

MarkB

CalTrader Guest

ArchAngel