RE: CRIME XP Home edition

From: Jim Wood (jwood@private)
Date: Mon Aug 11 2003 - 19:28:08 PDT

    Well, we have been working on this since around 11am today; we have seen
    several corporate customers battling with this.  Sometimes the fix
    works, sometimes it does not.  Steven Nichols said he was having
    problems even with the ports blocked.  I am experiencing the same thing
    now.  We have removed several companies from the internet in an effort
    to stop further infections.
    
     
    
    We have not been hit here at my office as of yet, as we have all ports
    locked down as best as we can and still function.
    
     
    
    If anyone comes up with any groundbreaking developments, please email me
    directly or phone me at 3602696996
    
     
    
    Thanks again
    
     
    
    Jim Wood
    MW TECHNOLOGY GROUP INC
    
    ( Restarting in 1 min)    :-)
    
     
    
    -----Original Message-----
    From: owner-crime@private [mailto:owner-crime@private] On Behalf
    Of Doug Eggert
    Sent: Monday, August 11, 2003 7:02 PM
    To: Steven Nichols; crime@private
    Subject: Re: CRIME XP Home edition
    
     
    
    Symantec has a lengthy write-up about W32.Blaster.Worm at:
    http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
    
     
    
    W32.Blaster.Worm is a worm that will exploit the DCOM RPC vulnerability
    (described in Microsoft Security Bulletin MS03-026,
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp)
    using TCP port 135. It will attempt to download and run the file Msblast.exe.
    
     
    
    Their virus definitions file released late this afternoon will protect
    against it, but those machines already infected are another story. The
    write-up addresses how to remove it.
    
     
    
    Doug                             Ö¿Ö
    
    ----- Original Message ----- 
    
    From: Steven Nichols (steven@private)
    To: crime@private
    Sent: Monday, August 11, 2003 4:37 PM
    Subject: CRIME XP Home edition
    
     
    
    We have had about 10-15 users call in.
    
    XP Home edition.
    
    Dialup users
    
     
    
    PCs are up to date on all virus and Microsoft patches.
    
     
    
    Customer working on PC, black screen pops up.
    
     
    
    Says 
    
    Remote server will be shutting down in 60 seconds.
    
    The PC shuts down, reboots, then tons of windows start popping up that
    say "Can't open document", etc.
    
     
    
     
    
    Anyone else see this?
    
      Steven Nichols
      Sr. Network and Systems Administrator
      Internet and NOC Manager
    
     
    
     
    
     
    
    
                    VALLEY INTERNET COMPANY
                      1709 NE 27th Street, Suite C
                        McMinnville, Oregon 97128
                 503-565-5030 or 800-909-9078 (toll-free)
           "Pay no attention to the folks behind the curtain..."
         PGP: http://www.viclink.com/~steven/steven.nichols.pgp.txt
    
     
    
    
    ---
    Incoming mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.507 / Virus Database: 304 - Release Date: 8/4/2003
    
    
    



    This archive was generated by hypermail 2b30 : Mon Aug 11 2003 - 19:41:57 PDT