Kudane

W32.Blaster.Worm is a nasty little virus that is attacking systems all over the country. The effected OS's seem to be Windows XP, NT, 2000, 2003 Server. The only un-affected OS at the moment is Windows ME. If your using XP or any other NT platformed Windows OS Read below. (please note EQInterface.com/EQGui.com and our files do not have this virus, we are sharing info to help stop the virus)

You can read Symantec's write up on the Virus including symtoms and removal here. If you know you have picked up this virus they have released a worm removal tool you can download here

Microsoft has updated thier window's patcher to fix the hole that this virus is coming in through. To download the stand-alone patch to fix this you can go to Microsoft's site here. Please read the whole page, you will find specific information about how to apply the patch and links to the patch files.

As I said, this is a nasty little bug. To be clear the virus is not hiding in any of our files. We are sharing this with you out of concern, as always our files are checked for virus regularly.

And a special thanks to Fazzelan, Scottpero, and Kuthbert from my Guild Stone for the information and links they provided. The were quick to find all the info needed to prevent/cure/fix this virus.

- Kudane

Tinkfu

__________________
Route 666

Dolby

Thanks tinkfu. I think Kudane just wanted something on the front page so more people would see it.

kenney

k what i want to know is where did you guys pick this virus up from?? did you get it from EQ or a webpage some where??

Tinkfu

I know that dolby, just wanted to give another source :-)

it came from the evil gnomes, you know the Dark Reflection...

Dolby

I didn’t get a virus. Kudane didn’t get a virus. Eqinterface/Eqgui didn’t get the virus. Kudane just wanted to share information on a large scale worm that’s floating around incase you didnt hear about it on TV or the million other computer news sites. Like he said in his news posts none of our files are infected because the worm doesn’t get contracted through zipfiles.

Jethal

I got this from some kazaa downloads, but i've gone through norton's information and got it cleared up.. and patched XP.
man, what a pain that was

Tinkfu

seems only people running P2P and messengers have been getting the virus from all the people I have talked to around here..

EQinterface/EQGUI are clean sites... Aside from the FU infection, but no anti-virus can clean that off /evillaugh

Kudane

Sorry Tink, I didnt see your post when I was gathering the information. I saw it later when someone replied to it..

/bow

And Kenney I even said in the post


I just want to see this virus stopped..

And Tink, I know several people who have gotten it, one while his mule was in EQ (no SOE doesnt have the virus, EQ Just opens the port).. sooo if your doing something that opens the ports it uses, and you have not run the patch.. you could get it.

__________________


.: Have a question? Read this :.

[ F.A.Q ]

kenney

ohh i didnt mean this site had it, was just wondering where this was picked up from ?? I know i had one way back when and i can tell where i got it from..was it tho email or chat sites those kinda things..

golgo13

I've run several checks and i just recently got an email from zone alarm stating this is a wide spread problem. It also said that this worm also attempts to use infected computers in a distributed denial-of-service attack against Microsoft's Windows Update site. Now im no computer buff but it sounds like it puts a stop to letting you go to windows update. Which is what im having a problem with. If i don't have the worm then i should be able to get to the site. I have updated my pc with the latest security updates but am i te only one having this problem?

__________________
Elekros Delekros
56 Necromancer
Veeshan

Vishuz

What the worm does is cause a shutdown after you're online for a while.

Shouldn't cause you to have problems with window's update.

__________________
Baron Vishuz Angrypants
65 Deciever of Crimson Legacy
E'Ci

golgo13

MS-BLAST WORM, First documented exploit of the July 16, 2003 Microsoft Windows RPC vulnerability

Risk: High. All unprotected Internet-connected PCs with vulnerable versions of the Windows operating system could be affected.

Vulnerability: The MS-Blast worm exploits a vulnerability of the RPC (Remote Procedure Call) process built into Windows. The RPC process facilitates sharing resources like files and printers over a network. The MS-Blast worm scans the local network for PCs that have UDP port 135 open. If the worm finds such a target, it exploits the RPC vulnerability and infects the PC with a copy of itself. Once on a PC, the worm attempts to spread further and interfere with normal OS operation. The worm also attempts to use infected computers in a distributed denial-of-service attack against Microsoft's Windows Update site.

Harm: Loss of user productivity, IT/Helpdesk calls and intervention required, and potential business continuity issues. Infected machines may experience performance problems and users may not be able to use their Internet connections. Network bandwidth usage could affect Quality of Service (QOS) and disrupt operation of critical business and network services.

Thats the exact email i got from zone labs about this worm.

TrendLabs has received several infection reports of this new worm, which exploits the RPC DCOM BUFFER OVERFLOW. This vulnerability in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface allows an attacker to gain full access and execute any code on a target machine, leaving it compromised.
This worm has been observed to continuously scan random IP addresses and send data to vulnerable systems on the network using port 135. On the following system dates, it performs a Distributed Denial Of Service attack against windowsupdate.com:
On the 16th to the 31st day of the following months:
January
February
March
April
May
June
July
August


Any day in the months of September to December.

This worm runs on and is able to propagate into Windows NT, 2000, and XP systems.

This is what i've leard at the trend website too.

Both state that this worm could cause you not to be able to run windows update. Hence you will not be able to get this fixxed.

Zantaklawz

Well much like the War of the Worlds announcement, mass hysteria was created and everyone is running to MS site to get the patch... so getting there now is like pouring molasses in the dead of winter. So don't expect the site to load quickly any time soon, so if you can get on, great otherwise you might as well keep trying for a bit due to the flood of people there trying to download the patch.

__________________
Zantaklawz

Proud to be an at EQ Roleplayers! Join us and spread the word!

Come and sit for a while and listen to the Tales of Zantaklawz! Tell one! Tell all!