Bad Computer Mojo

[teriaki]

Hey Everyone,

This is OT, but since so many of us use software like Soulseek, Kazaa, etc., that requires our computers and firewalls to have certain ports open I thought I should post it.

There's a new worm propagating through the internet. If you have a firewall, make sure you block ports 135, 139, and 445. This worm affects Windows 2000, NT, XP, and 2k3.

I already had one machine exploited in about 4 hours time. It's hitting the internet hard and is starting to degrade general net performance.

I expect it'll hit the news by morning.

Good luck!

(*This* bs is why I missed Screen on the Green )

[oldschoolny]

Already on the news......

http://www.washingtonpost.com/wp-dyn/articles/A46233-2003Aug11.html

[revaluation]

Ha! Tim made house calls to both me and krish last night to fix our computers.

[revaluation]

Buried within the code of the worm is a jab at Microsoft founder Bill Gates: "I just want to say Love you San! Billy Gates why do you make this possible? Stop making money and fix your software!!"

[shadygroovedc]

Originally posted by teriaki

Hey Everyone,

This is OT, but since so many of us use software like Soulseek, Kazaa, etc., that requires our computers and firewalls to have certain ports open I thought I should post it.

There's a new worm propagating through the internet. If you have a firewall, make sure you block ports 135, 139, and 445. This worm affects Windows 2000, NT, XP, and 2k3.

Luckily, I don't think I got hit.

As for the ports, it's recommended to block ports 135 THROUGH 139 (TCP).

[revaluation]

how do you block ports?

[kken]

Originally posted by revaluation

how do you block ports?

if you have to ask, forget about it. seriously.

[revaluation]

why, is it hard? not everyone is Korean.

[kken]

Originally posted by revaluation

why, is it hard? not everyone is Korean.

yes, you need elite starcraft skillz.

it's messing with your firewall, if you have one. eh, i suppose if you have a linksys or something it's not all that hard hehe.

[shadygroovedc]

Originally posted by revaluation

how do you block ports?

You send in the Coast Guard. Ask Vic. They do it to his peeps all the time.

[shadygroovedc]

Originally posted by kken

yes, you need elite starcraft skillz.

it's messing with your firewall, if you have one. eh, i suppose if you have a linksys or something it's not all that hard hehe.

If you have a linksys router at home, and you kept your default properties when installing, then open your browser and point it to: http://192.168.1.1

No username, but password is: "admin"

Go to the "Filters" option. Depending on which version of firmware you're running on, it'll be there somewhere -- most likely under the Advanced option. You'll be able to set filters for IP addresses or Ports. Just put in the ranges of port numbers you want to filter. E.G. Put in 135 - 139. Set it to filter TCP ports. Hit apply.

If you really want to have fun, tell it to block port 80 in that list. Then call me after two hours of wondering why no websites will open up.

[revaluation]

starcraft!

thanks shady. we dont have a router though, just straight connection from the modem to my comp.

[shadygroovedc]

Originally posted by revaluation

we dont have a router though, just straight connection from the modem to my comp.

That's like going to a whorehouse without a condom. You might not catch anything, but why take the risk. You should at least get a software firewall.

[nautilus60]

Originally posted by teriaki

It's hitting the internet hard and is starting to degrade general net performance.

What exactly does this mean? I ask, cause my machine is acting strange: when i click on the link that is suppose to open in a new window - nothing happens and i dont have pop-up blocker. Once i restart the machine it will work fine for 10 min and then doesnt.

[revaluation]

that's exactly what I got. should say that it was initiated by a Remote Procedure Control (RPC) or something like that.

[shadygroovedc]

Originally posted by nautilus60

What exactly does this mean? I ask, cause my machine is acting strange: when i click on the link that is suppose to open in a new window - nothing happens and i dont have pop-up blocker. Once i restart the machine it will work fine for 10 min and then doesnt.

Symantec has a Blaster Worm Removal Tool you might wanna try.

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

[teriaki]

Originally posted by Revaluation

that's exactly what I got. should say that it was initiated by a Remote Procedure Control (RPC) or something like that.

That's the denial of service part of the exploit. The rest of the exploit will root your machine (give access to the person running the attack against your computer).

Originally posted by nautilus60

What exactly does this mean? I ask, cause my machine is acting strange: when i click on the link that is suppose to open in a new window - nothing happens and i dont have pop-up blocker. Once i restart the machine it will work fine for 10 min and then doesnt.

The RPC (remote procedure call) functions pretty much run everything that goes on on your computer. If it's not available, most things won't work, the most common is windows not opening.

The reason it works after a restart is the attack goes away until another attacker (or the same one) starts the attack again. You would call this "rolling," where your machine is in a constant cycle of reboots.

Patch your machine and put up a firewall with the 135 THROUGH 139 blocked, and 445.

[kramadas]

Originally posted by revaluation

Ha! Tim made house calls to both me and krish last night to fix our computers.

Ya...poor guy was there a little while! I freaked out and thought that this was something RIAA had dreamed up of (unofficially of course).