Web Hosting Talk

View Full Version : If your Windows Machine keeps shutting down, read this


RackMy.com
08-11-2003, 10:37 PM
Executive Summary:

A worm has started spreading early afternoon EDT (evening UTC Time) and
is expected to continue spreading rapidly. This worm exploits the
Microsoft Windows DCOM RPC Vulnerability announced July 16, 2003. The SANS
Institute and Incidents.org recommend the following Action Items:

* Close port 135/tcp (and if possible 135-139, 445 and 593)
* Monitor TCP Port 4444 and UDP Port 69 (tftp) which are used by the worm
for activity related to this worm.
* Ensure that all available patches have been applied, especially the
patches reported in Microsoft Security Bulletin MS03-026.
* This bulletin is available at
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp
* Infected machines are recommended to be pulled from the network pending
a complete rebuild of the system
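
Added example (not part of the original post or of the SANS advisory): a small triage script that applies the action items above to firewall connection logs. The log layout, the sample lines, the host addresses and the `FANOUT` threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Ports named in the advisory above.
CLOSE_PORTS = {135, 136, 137, 138, 139, 445, 593}  # TCP ports to close
WATCH = {("tcp", 4444), ("udp", 69)}                # ports to monitor
FANOUT = 3  # assumption: distinct 135/tcp targets before a source counts as scanning

# Constructed sample; the "time action proto src sport dst dport" layout is an assumption.
SAMPLE_LOG = """\
22:31:02 ALLOW tcp 203.0.113.9 3120 10.0.0.5 135
22:31:03 ALLOW tcp 203.0.113.9 3121 10.0.0.5 4444
22:31:04 ALLOW udp 10.0.0.5 1042 203.0.113.9 69
22:31:10 ALLOW tcp 10.0.0.5 1050 10.0.0.6 135
22:31:10 ALLOW tcp 10.0.0.5 1051 10.0.0.7 135
22:31:11 ALLOW tcp 10.0.0.5 1052 10.0.0.8 135
22:31:15 DENY tcp 198.51.100.4 2200 10.0.0.9 135
22:31:20 ALLOW tcp 10.0.0.9 1100 192.0.2.80 80
"""

def triage(log_text):
    exposed = set()                 # accepted traffic on a port the advisory says to close
    watch_hosts = set()             # either endpoint of a flow on a monitored port
    rpc_targets = defaultdict(set)  # source -> hosts it tried on 135/tcp
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue                # skip blank or malformed lines
        _, action, proto, src, _, dst, dport = fields
        proto, dport = proto.lower(), int(dport)
        if proto == "tcp" and dport in CLOSE_PORTS and action == "ALLOW":
            exposed.add(dst)
        if proto == "tcp" and dport == 135:
            rpc_targets[src].add(dst)   # denied attempts count as well
        if (proto, dport) in WATCH:
            watch_hosts.update((src, dst))
    scanning = {s for s, targets in rpc_targets.items() if len(targets) >= FANOUT}
    return {
        "exposed": sorted(exposed),                # patch and filter these first
        "suspect": sorted(exposed & watch_hosts),  # pull from the network, rebuild
        "scanning": sorted(scanning),              # fanning out on 135/tcp
    }

if __name__ == "__main__":
    for label, hosts in triage(SAMPLE_LOG).items():
        print(f"{label:9}", ", ".join(hosts) or "-")
```

A host in `suspect` both accepted traffic on a port the advisory says to close and took part in a flow on 4444/tcp or 69/udp; a host that appears only in `exposed` still needs the MS03-026 patch and the port filter.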

StarGate
08-11-2003, 11:20 PM
The worm hit a client of mine (probably), a big mobile phone provider here in Greece. Heh, thanks for the heads up will have the recommendations in mind.

thedavid
08-11-2003, 11:21 PM
Think we need to merge these...

http://www.webhostingtalk.com/showthread.php?s=&threadid=174797

:)

Big news for the internet though. Kinda fun, watching all the gore and destruction. :D

-David

Argious
08-11-2003, 11:23 PM
Originally posted by thedavid
Think we need to merge these...

http://www.webhostingtalk.com/showthread.php?s=&threadid=174797

:)

Big news for the internet though. Kinda fun, watching all the gore and destruction. :D

-David
Agreed. Except for the gore and destruction part :D

Senthu@BM
08-12-2003, 12:17 AM
I am tired of this worm. :bawling:

Artashes
08-12-2003, 12:22 AM
It just hit me... 1 my PC is out of order!!! Just restarts like crazy every 1 minute because of some "Remote Procedure Call (RPC)"!

stu17
08-12-2003, 12:26 AM
Originally posted by Artashes
It just hit me... 1 my PC is out of order!!! Just restarts like crazy every 1 minute because of some "Remote Procedure Call (RPC)"!

Then there was something wrong with your computer :(

All my port is nicely Stealth! :D :)

Artashes
08-12-2003, 12:28 AM
If your machine just goes on restarting every time, will plugging off the cable modem help ignore this?? Is this coming by Internet or the system? Basically, I think when I reboot the modem - it'll give me a new IP - will this solve it?

GekoSpace
08-12-2003, 12:29 AM
Not sure if someone has already said this but:
If your system is about to shut down because of some "Remote Procedure Call (RPC)", you can cancel it by going to
start>run>cmd, then type "shutdown -a"

Artashes
08-12-2003, 12:30 AM
Thank you GekoSpace!

I will try this now.. (praying)

Is that for any Windows version or specific one tho?

Artashes
08-12-2003, 01:21 AM
hahah.. back to normal life.

What I did was just downloaded the Microsoft patch .. and I had to do it faster than 1 minute shut down. Managed to do it. During the next restart I installed it and then after the third shut down it disappeared. yyyyaaaaaaaaahoooooooooo!!!!

GekoSpace
08-12-2003, 01:25 AM
Originally posted by Artashes
Thank you GekoSpace!

I will try this now.. (praying)

Is that for any Windows version or specific one tho?

Well it worked on my other XP machine with the virus. Not sure if it works on other versions of Windows :(

webzila
08-12-2003, 01:38 AM
More info:
http://pcpitstop.ibforums.com/index.php?act=ST&f=9&t=19904&

TheDoctor
08-12-2003, 02:06 AM
I received an email regarding this virus and they said it only affected machines using Windows XP, all other versions were ok.. hope this is correct.

Also how does one go about making port 135 stealth or failing that closing port 135 and if it is closed does that affect using an ADSL modem.. ???

TheDoctor
08-12-2003, 02:16 AM
Update on affected versions from Microsoft

Summary
Who should read this bulletin: Users running Microsoft ® Windows ®

Impact of vulnerability: Run code of attacker’s choice

Maximum Severity Rating: Critical

Recommendation: Systems administrators should apply the patch immediately

End User Bulletin: An end user version of this bulletin is available at:

http://www.microsoft.com/security/security_bulletins/ms03-026.asp.

Affected Software:

Microsoft Windows NT® 4.0
Microsoft Windows NT 4.0 Terminal Services Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server™ 2003

Not Affected Software:
Microsoft Windows Millennium Edition

mangosteens
08-12-2003, 02:17 AM
actually it affects XP & 2000


http://story.news.yahoo.com/news?tmpl=story&u=/nm/20030812/wr_nm/tech_windows_worm_dc_3

PlacidHost
08-12-2003, 02:39 AM
I'd install the patch, but it tells me to backup my system, and I'm really too lazy for that. Closing the ports should do. :P

Hiccups
08-12-2003, 02:04 PM
If you run Windows Update, is the patch included in any updates it finds or do you need to do this as a separate thing?

TheDoctor
08-12-2003, 02:56 PM
Originally posted by Hiccups
If you run Windows Update, is the patch included in any updates it finds or do you need to do this as a separate thing?
I think you need to do it as a separate thing. I had all the latest updates so if it was part of the updates it would let me install it again ... but it did ...if you see what I mean

ciqala
08-12-2003, 03:30 PM
if you cannot get the update in under one minute just hit start->run then type cmd and hit ok

then at the prompt type shutdown -a and the shutdown will stop :D

Argious
08-12-2003, 03:34 PM
http://www.webhostingtalk.com/showthread.php?s=&threadid=174797

You know what kind of community WHT is when we know about these things 24 hours before your neighbor does ;)