MSBlast.exe (virus)

[Blisterz]

This virus is amazing in how easy it is to catch. Yesterday I was just finished putting together a new system, and was installing W2K. My computer kept getting an RPC error and shutting down. I tried everything to fix it. (i never once had even enough time to install a single critical-up date), so I would end up reinstalling W2K (did that 3 times). Then during the 3rd install I read about the virus on another computer that was there. I was curious, so right after the install I opened search and looked for MSBLAST. Nothing. Ok, so about 2 min into installing service pack 4 and I get RPC error. I do search on my system and sure enough, MSBLAST.

I have never seen (i have heard/read though) a virus that infects a system before you have downloaded ANYTHING.

I hate to give this guy/gal any credit but whoever is responsible for this huge pain in the arse, is one smart cookie.

http://www.computing.net/windowsxp/w...rum/73575.html

[Asher]

Actually it's very poor code and design.

It's just such an easy exploit.

[Elok]

Clever, maybe, but I don't know that I'd call anybody who makes computer viruses "smart." What kind of degenerate schlep spends that much time designing newer and better ways of irritating people for no personal profit? Is there some sort of sexual pleasure in it for them, or are they too dumb to just do straight identity theft like their more enterprising nerd compatriots?

[Nubclear]

Too bad theyre wasting their talents. They could be getting quite a bit of money.

[Frozzy]

Most computers have their NetBIOS port open by default (a MS Windows flaw). This enables anyone to access your files, and even set up your computer as a hidden webserver. As such, just going on the internet can let in the worm through the open port and into your computer.

It's just as easy to close the port. Why MS doesn't do this by default...

[Blisterz]

Quote:

Originally posted by Elok Clever, maybe, but I don't know that I'd call anybody who makes computer viruses "smart." What kind of degenerate schlep spends that much time designing newer and better ways of irritating people for no personal profit? Is there some sort of sexual pleasure in it for them, or are they too dumb to just do straight identity theft like their more enterprising nerd compatriots?

For some of them, I think it's a kind of "stick it to MS thing" this one more so 'cause it is set up to start a DOS attack on Microsoftupdate.com (on aug 16th I think..? )

[mrmitchell]

It's good that the worm only reboots your machine and DoS's a website. Imagine if it was truly destructive so that you could not recover from it...

[Sprayber]

I think people who **** with other people's computers should be taken out by a bunch of illiterate rednecks and beaten twice a day.

[mrmitchell]

Well, viruses are both good and bad.

If there were no viruses, people wouldn't give a **** about virus security. (They wouldn't need to if there were no viruses, though, right? Although there's no shortage of 14 year olds looking for holes in MS products.)

On the other hand, malicious virus writers should be taken out and shot.

[Elok]

Quote:

Originally posted by Blisterz For some of them, I think it's a kind of "stick it to MS thing" this one more so 'cause it is set up to start a DOS attack on Microsoftupdate.com (on aug 16th I think..? )

Maybe, but with their collective skills you'd think they'd be able to just design some sort of assassin robot, sic it on Gates, and leave the rest of us alone. Or just sublimate their rage through porno and Starcraft like good little nerds. Whatever. Anything's better than making MS software harder and more contrary to use than it already is, right? You'd think...

[alva]

Who's to say, Norton and affiliates don't write them themselves...

[Harovan]

An operating is **** if it can be knocked out with such an amazing ease. But still Asher is right, it's crappy coded. It was designed to DoS the Windows update website, but in the most cases it fails its purpose and just makes the computer crash. Probably the product of some geek who should better care about his acne.

[Asher]

Sir Ralph: Tell everyone where the RPC code comes from...

[Asher]

People overestimate how hard it is to make worms like this...and somehow that equates to the guy doing it being intelligent or something.

If somebody went in and shot up a bank, the guy isn't exactly that smart, regardless of how well planned out it was.

[Harovan]

Quote:

Originally posted by Asher Sir Ralph: Tell everyone where the RPC code comes from...

Ummm, that was Solaris, wasn't it? Not sure, though. Makes me wonder why Solaris apparently doesn't have any problems (and never had). Ah well, some people can't even properly steal . Perhaps it's so, because next to nobody runs Solaris and no cracker could be arsed to write a worm to attack some 52 or 53 computers.

[Asher]

No, it was an open source OS...think on it.

Hint: It wasn't a GNU-licensed OS.

[Sarxis]

Honestly, the worm wasn't a big deal, but I am sorta glad for msblast: it made MS get off their butts and come up with a fix before some SERIOUSLY malicious software abused this security hole.

I think that was the point of it anyway.

[Asher]

Um. The fix for the hole MSBlast exploits was out almost a month before MSblast...

[Sarxis]

Was it really? oh well, must have missed it. Was a pretty stupid worm, and it didn't even work like it was supposed to on my system.

[Asher]

I told people to patch immediately as a worm was inevitable, last month: http://apolyton.net/forums/showthrea...threadid=93099

[Sarxis]

Ahh! See, I was getting ready to move, and I didn't have internet in the new place till recently. Just wasn't paying attention.

[JohnT]

That Asher... always looking after our asses.

...uhhhh...

[Harovan]

Quote:

Originally posted by Asher No, it was an open source OS...think on it. Hint: It wasn't a GNU-licensed OS.

Must have been a BSD then. On Linux I've heard them called SunRPC, that's why I thought they came from Solaris. I don't use RPCs at all, they are a security risk on either OS. By the way, my router gets bombed with 135 requests. Just drops them of course.

A friend of my wife caught the worm already. She was shocked and helpless when she called me. Made me think... 3 months ago I set her up that computer. It came shipped with XP Home, but I seriously considered to install a Debian+Gnome on it, since she is a bloody newbie. I should have done so, even more since she lives 700 km away, and these service calls every 2 weeks drive me nuts.

[Urban Ranger]

Quote:

Originally posted by Asher Actually it's very poor code and design. It's just such an easy exploit.

Thanks to MS, of course.

[Makeo]

Quote:

Originally posted by Asher I told people to patch immediately as a worm was inevitable, last month: http://apolyton.net/forums/showthrea...threadid=93099

I probably should have done something about it last month rather than yesterday.

[SpencerH]

I cant be sure its MSBlast but a worm has brought down bagfulls of PC's at my work. They just try to boot up and get into some kinda loop.

[laurentius]

I blame MicroSoft, it's their fault, their shitty software, that is causing all this pain in my ass

[Solver]

ILOVEYOU was excellent code .

They don't cause any harm, people. OK, this one restarts your data. But it's very easy to make it erase all data on harddrive after 3 days. I think, if ILOVEYOU did that, how bad would it have been?

[JohnT]

Quote:

Originally posted by laurentius I blame MicroSoft, it's their fault, their shitty software, that is causing all this pain in my ass

So, if somebody pours sugar in your gas tank, that is the fault of the manufacturer?

[Harry Seldon]

Quote:

It's just as easy to close the port. Why MS doesn't do this by default...

But this virus attacks through port 135 instead of 137, 138, or 139, which I don't think can be closed on a Microsoft machine.