Forums Últimos mensajes - Powered by IBM
 
Tags Palabras claves

Gusano bueno en combate de Blaster

19/08/2003 - 18:53 por Antonio Lopez | Informe spam
Ayuda Hacer una pregunta
email Siga el debateRespuesta 5 respuestasRespuesta Tengo una respuesta

Preguntas similare

Mostrar todos los temas similares

Leer las respuestas

#1 JM Tella Llop [MS MVP] ·
19/08/2003 - 18:58 | Informe spam
PSS Security Response Team Alert - New Worm: Nachi, Blaster-D, Welchia

SEVERITY: CRITICAL
DATE: 08/18/2003
PRODUCTS AFFECTED: Windows 2000 and XP, Internet Information Services
5.0

**********************************************************************

WHAT IS IT?
A new worm is spreading in the wild. The Microsoft Product Support
Services Security Team is issuing this alert to advise customers to be
on the alert for this virus as it spreads in the wild. Customers are
advised to review the information and take the appropriate action for
their environments.

IMPACT OF ATTACK: Network Propagation, Patch Installation

TECHNICAL DETAILS:
Similar to the earlier Blaster worm and its variants, this worm also
exploits the vulnerability patched by Microsoft Security Bulletin
MS03-026, and instructs target systems to download its copy from the
affected system using the TFTP program.

In addition to exploiting the RPC vulnerability patched by Microsoft
Security Bulletin MS03-026 this worm also uses a previously patched
vulnerability in Microsoft Security Bulletin MS03-007 directed at IIS
5.0 over port 80 to propagate to un-patched systems.

In addition upon successful infection this worm also patches systems
with the patch for Microsoft Security Bulletin MS03-026. It does this by
first determining the operating system and then downloading the
associated patch for that operating system.

For additional details on this worm from anti-virus software vendors
participating in the Microsoft Virus Information Alliance (VIA) please
visit the following links:

Network Associates:

http://vil.nai.com/vil/content/v_100559.htm

Trend Micro:

http://www.trendmicro.com/vinfo/vir...e=WORM_MSB
LAST.D

Symantec

http://securityresponse.symantec.co...lchia.worm
.html

For more information on Microsoft's Virus Information Alliance please
visit this link: http://www.microsoft.com/technet/se...us/via.asp


Please contact your Antivirus Vendor for additional details on this
virus.

PREVENTION:
Turn on Internet Connection Firewall (Windows XP or Windows Server 2003)
or use a third party firewall to block incoming TCP ports 80, 135, 139,
445 and 593; UDP ports 135, 137, 38.

To enable the Internet Connection Firewall in Windows XP please see the
instructions below or visit this KnowledgeBase Article:
http://support.microsoft.com/?id(3673

* In Control Panel, double-click Networking and Internet
Connections, and then click Network Connections.
* Right-click the connection on which you would like to enable
ICF, and then click Properties.
* On the Advanced tab, click the box to select the option to
Protect my computer or network.

This worm utilizes two previously-announced vulnerabilities as part of
its infection method. Because of this, customers must ensure that their
computers are patched for the vulnerabilities that are identified in the
following Microsoft Security Bulletins.

Microsoft Security Bulletin MS03-026
http://www.microsoft.com/technet/se...03-026.asp
Microsoft Security Bulletin MS03-007
http://www.microsoft.com/technet/se...03-007.asp

In order to assist customers with the installation of the patch for
Microsoft Security Bulletin MS03-026 Microsoft has released a tool which
can be used to scan a network for the presence of systems which have not
had the MS03-026 patch installed. More details on this tool are
available in Microsoft Knowledge Base article 826369.

RECOVERY:
If your computer has been infected with this virus, please contact your
preferred antivirus vendor or Product Support Services for assistance
with removing it.

RELATED KB ARTICLES:
http://support.microsoft.com/defaul...-us;826234
This article will be available within 24 hours.

RELATED SECURITY BULLETINS:
Microsoft Security Bulletin MS03-026
http://www.microsoft.com/technet/se...03-026.asp
Microsoft Security Bulletin MS03-007
http://www.microsoft.com/technet/se...03-007.asp

VIRUS ALERT LINK:
http://www.microsoft.com/technet/se.../nachi.asp

As always please make sure to use the latest Anti-Virus detection from
your Anti-Virus vendor to detect new viruses and their variants.

If you have any questions regarding this alert please contact your
Microsoft representative or 1-866-727-2338 (1-866-PCSafety) within the
US, outside of the US please contact your local Microsoft Subsidiary.
Support for virus related issues can also be obtained from the Microsoft
Virus Support Newsgroup which can be located by clicking on the
following link
news://msnews.microsoft.com/microso...ity.virus.

PSS Security Response Team


PLEASE READ: Do not use this list for discussions! For discussions, please use the private MVP newsgroups or subscribe to:


Jose Manuel Tella Llop
MS MVP - DTS


Este mensaje se proporciona "como está" sin garantías de ninguna clase, y no otorga ningún derecho.

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.





"Antonio Lopez" wrote in message news:
http://www.cnnenespanol.com/2003/te...index.html

Antonio Lopez



Respuesta Responder a este mensaje
#2 Waldín
19/08/2003 - 18:58 | Informe spam
Yo no creo en gusanos "buenos". Alguna intención tendrá...

"Antonio Lopez" escribió en el mensaje
news:
http://www.cnnenespanol.com/2003/te...index.html

Antonio Lopez








Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.512 / Virus Database: 309 - Release Date: 19/08/2003
Respuesta Responder a este mensaje
#3 Javier Inglés [MS MVP]
19/08/2003 - 18:59 | Informe spam
Venga ya hombre!!! Por favor!!

Este virus, [que ha posteeado Antonio Amengual [MS MVP] ya sobre él]explota la vulnerabilidad de WebDav que salió hace ya un tiempo...y el único bicho/gusano bueno es el gusano muerto...

Salu2!!

Javier Inglés
MS-MVP

:
<<<QUITAR "NOSPAM" PARA MANDAR MAIL>>>

Este mensaje se proporciona "como está" sin garantías de ninguna clase, y no otorga ningún derecho


"Antonio Lopez" escribió en el mensaje news:
http://www.cnnenespanol.com/2003/te...index.html

Antonio Lopez



Respuesta Responder a este mensaje
#4 Joan Ballart
19/08/2003 - 19:17 | Informe spam
Y quien lo ha hecho??..no me fio...nada de nada.
es como si para prevenir las anginas espolvorearan si avisar antibioticos con avionetas fumigadoras.

Saludos.
Joan Ballart
joanb@(NO)menta.net

"Antonio Lopez" escribió en el mensaje news:
http://www.cnnenespanol.com/2003/te...index.html

Antonio Lopez



Respuesta Responder a este mensaje
#5 Antonio Lopez
19/08/2003 - 21:30 | Informe spam
Pues no se si sea bueno eso lo determinaran las
compañias antivirus, examinado el comportamiento del virus

Antonio Lopez

"Antonio Lopez" wrote in message
news:
http://www.cnnenespanol.com/2003/te...index.html

Antonio Lopez



email Siga el debate Respuesta Responder a este mensaje
Ads by Google
Help Hacer una preguntaRespuesta Tengo una respuesta
Search Busqueda sugerida