MSBlast variants targeting Win9x machines (Heads Up)

[Greg P Rozelle]

copyied from 98 newsgroup

W32.Randex.E
http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.e.html

Identified 12 August-03
Included in NAV definitions 13 August-03




Disclaimer
My advice is as-is. It could trash your system.

 

[Greg P Rozelle]

Oops sorry, I forget to mention it affects this

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me,
Windows NT, Windows XP





Disclaimer
My advice is as-is. It could trash your system.

 

[EGMcCann]

Looks like a merger between it and some of the older zombies/trojans that
have been around for a while.

That didn't take long.

--
If you have to ask if your copy of XP is 32 or 64 bit, it's 32.
Getting Messenger popups? Turn on your firewall!
Patch from Microsoft:
http://tinyurl.com/h84v
More info from MS:
www.microsoft.com/security/incident/blast.asp

(Stolen with pride from Gary Thorn... thanks!)

 

[Greg P Rozelle]

Appears that it can only affect 95/98/Me if they are also using IRC.

Posted from symatec
8. The worm contains its own IRC client, allowing it to connect to
specified IRC servers and join a channel to listen for the commands
from the worm's creator.

The RPC vulnerability is totally absent from 95/98/Me.


Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

"The reason computer chips are so small is computers don't eat much."

Disclaimer
My advice is as-is. It could trash your system.

 

[David H. Lipman]

It's NOT a variant to MSBlast. It is a different entity all togethert. It just will take
advantage of the RPC vulnerability of NT based platforms.

Dave

| On Thu, 14 Aug 2003 05:23:54 GMT, Ron Martell <[email protected]>
| wrote:
|
| >[email protected] (Greg P Rozelle) wrote:
| >
| >>copyied from 98 newsgroup
| >>
| >>W32.Randex.E
| >>http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.e.html
| >>
| >>Identified 12 August-03
| >>Included in NAV definitions 13 August-03
| >>
| >
| >Appears that it can only affect 95/98/Me if they are also using IRC.
| Posted from symatec
| 8. The worm contains its own IRC client, allowing it to connect to
| specified IRC servers and join a channel to listen for the commands
| from the worm's creator.
|
|
|
|
| >
| >The RPC vulnerability is totally absent from 95/98/Me.
| >
| >
| >Ron Martell Duncan B.C. Canada
| >--
| >Microsoft MVP
| >On-Line Help Computer Service
| >http://onlinehelp.bc.ca
| >
| >"The reason computer chips are so small is computers don't eat much."
|
|
| Disclaimer
| My advice is as-is. It could trash your system.
|

 

[Greg P Rozelle]

David H. Lipman

I was just copying a post from the Microsoft windows 98
newsgroups. Out of respect, I removed his name.


Webster New Word dictionary
Variant
1. Varying; different; esp.; different is some way from the others of
the same kind or class, or from standard or type.

Technically the poster of this is right and so are you.



Greg P Rozelle




Disclaimer
My advice is as-is. It could trash your system.

 

[Mow Green]

Moral of the story :
Don't use IRC.

MowGreen

 

[Ken Blake]

In

IRC.
Posted from symatec
8. The worm contains its own IRC client, allowing it to connect to
specified IRC servers and join a channel to listen for the commands
from the worm's creator.

The following quote is from Symantec's description of the worm at
http://www.sarc.com/avcenter/venc/data/w32.blaster.worm.html


Systems Affected: Windows 2000, Windows XP
Systems Not Affected: Linux, Macintosh, OS/2, UNIX,
Windows 95, Windows 98, Windows Me, Windows NT



W32.Randex.E, which the web page you mention is about, is *not*
MSBlast.