Quick w32.blaster question

[Fiveohhh]

Just wondering if you need to open an attachment to get it, or if it works on its own somehow. I reada a few descriptions, and it sounded like something needed to be executed, but not for sure.
Thanks

 

[rudeguy]

AFAIK you have to open the attachment to an email

 

[dm33186]

if port 135 is open you can get it

 

[speed01]

You do not have to open anything to get it.

Speed

 

[ndee]

Originally posted by: dm33186
if port 135 is open you can get it

exactly. No email involved.

 

[chin311]

dang, no email...i just downloaded teh patch, scary :Q

 

[CraigRT]

the patch?

 

[AMCRambler]

The patch microsoft put out to fix the hole. Worked for me.

 

[chin311]

TEH PATCH

 

[Fiveohhh]

Thanks

 

[NogginBoink]

Originally posted by: CraigRT
the patch?

The patch that was released about a month ago.. MS03-026.

Anyone who's kept up to date on windows update would not be hit by this attack.

 

[lowtech1]

You don't have to download it to get infected. Just disable RPC in services and you should be okay to go. Also apply NTFS security policy (create & Deny Everyone group to al permission) on tftp.exe under System32 directory, then update & patch your computer as soon as you can.

 

[MrBond]

Originally posted by: lowtech
You don't have to download it to get infected. Just disable RPC in services and you are should be okay to go. Also apply NTFS security policy (create & Deny Everyone group to al permission) on tftp.exe under System32 directory, then update & patch your computer as soon as you can.

isn't RPC one of those services a lot of stuff depended on (ie: disabling makes the computer as useful as it would be unplugged from the wall). The patch is tiny, might as well do it right.

I read this morning any unpatched PC can be expected to be infected within 25 minutes of connecting to the internet.

 

[randomlinh]

heh, someone on campus for the summer got it in 5 minutes.

i'm really glad school hasn't started yet here... it'd be hell on campus for the internet.

 

[nater]

we're getting killed by this here at work....

 

[lowtech1]

Originally posted by: MrBond

Originally posted by: lowtech
You don't have to download it to get infected. Just disable RPC in services and you are should be okay to go. Also apply NTFS security policy (create & Deny Everyone group to al permission) on tftp.exe under System32 directory, then update & patch your computer as soon as you can.

isn't RPC one of those services a lot of stuff depended on (ie: disabling makes the computer as useful as it would be unplugged from the wall). The patch is tiny, might as well do it right.

I read this morning any unpatched PC can be expected to be infected within 25 minutes of connecting to the internet.

Remote Procedure Call (RPC) is use for remote access. RPC also use for HTTP (if you are runing IIS server). Disable RPC & audit the tftp.exe (Trivial File Transfer Protocol) should stop the Blaster worm that is currently runing out there & stop any hacker that try to use the trtpd flaw on your computer. Best method is to keep up with the patch, have a firewall & stop/audit services that you are not using, or simply unplug your computer from the internet.