There seems to be a massive denial of service attack going on

M

Mark Jerome

I too am seeing many of my clients remote PC's going down with this same RPC
and COM+ errors. The NT Authority auto shutdown that everyone is talking
about.


Basically all our users behind a firewall are not experiencing this problem.
Remote users that acces the interent and then come to our servers by way of
terminal connection are dropping like flies.
We have lost many systems today all going down one after another.

These remote systems, since they use slow dialup were not patched against
this RPC exploit. We are trying to now but MS site seems swamped and we are
unable. Fortunately these people can stay up because they can RAS into our
firewalled site and then user their browser to get the update. Users that
only have internet access can not stay up long enough to get updates.

All systems affected have the MSBlast.exe file that some poeple have talked
about.

Does any security person know whats going on?

How is the DOS working? Where is it coming from? Any word from Symantec or
Macafee on what msblast.exe is and what other files may have been affected?
 
R

rainie klein

it seem to me that it is a virus, I don't know what ms is
doing about this issue I just receive this patch for the
hole the virus is getting in through. Our phones jumped
off the hook about 10 minutes when I came into work. I
came here to see what was going on and I saw all these
people with the same issues... IS THERE ANYTHING i CAN DO
TO HELP ??? i COULD I EMAIL YOU ANYTHING?

-RAINIE
 
J

Jupiter Jones [MVP]

Mark;
First, IMMEDIATELY disconnect from the internet before a "friend"
leaves a gift on your computer for you.
DO NOT reconnect until this issue is resolved.

Install or enable a firewall immediately.
http://support.microsoft.com/?kbid=283673

Run an updated virus scan.
Or Scan for Viruses online:
http://security.symantec.com/ssc/home.asp?j=1&langid=ie&venid=sym&plfid=23&pkj=IRLFIZTYMWPAZTJWUFJ

Also be sure to update immediately to prevent this in the future:
http://windowsupdate.microsoft.com/

This will tell you more:
http://www.microsoft.com/security/security_bulletins/ms03-026.asp
 
J

Jupiter Jones [MVP]

Rainie;
Microsoft is not really doing much right now.
However Microsoft did release the patch a few weeks ago to protect
against this very issue.

First, IMMEDIATELY disconnect from the internet before a "friend"
leaves a gift on your computer for you.
DO NOT reconnect until this issue is resolved.

Install or enable a firewall immediately.
http://support.microsoft.com/?kbid=283673

Run an updated virus scan.
Or Scan for Viruses online:
http://security.symantec.com/ssc/home.asp?j=1&langid=ie&venid=sym&plfid=23&pkj=IRLFIZTYMWPAZTJWUFJ

Also be sure to update immediately to prevent this in the future:
http://windowsupdate.microsoft.com/

This will tell you more:
http://www.microsoft.com/security/security_bulletins/ms03-026.asp
 
M

Mark Jerome

Well advise is sound but flawed. TO fix the computers we need the patch and
we need acces to get the NAV updates. Problems right now is how STUPID MS is
doing this and how unpapared they are. I can only find the patch through MS
update and NOT as a single file download. THis has immense consequences

Also for sites where we have lots of users on broadband our problem is that
MS has not provided this patch as a file which is utterly stupid!!! What
we all want to do is download ONE FILE. Then disconnect the entire site from
the internet. Then apply the patch to all the computers.

The way it is now we have to have each and every PC hit the internet to get
this patch. MS site is so bogged down it takes for ever. Before any patch
can be complete the PC's are getting nailed with this BUG. this is a viciuos
cycle we can't seem to get out of. Does anyone know where this stupid patch
can be downloaded as a file???
 
T

Testy

Maybe you should have properly secured your computers and installed the
patch a month ago when it was available.

Testy
 
J

Jupiter Jones [MVP]

Mark;
Microsoft prepared for this.
This vulnerability has been on the news lately.
1. The patch was available weeks ago both by direct download and
Windows Update.
2. Windows XP has a built in firewall, why was no firewall in place
on your network?.
3. Your computer system should have an up to date reliable antivirus
application.
At least two of these did not happen.
You need to question the competency of your IT department and perhaps
train them in basic computer security and maintenance.
Until then expect the same thing next time.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

CCleaner Compromised to Distribute Malware for Almost a Month 10
Mandatory Profiles on a Local Machine 2
Codemaster's Next to be Hacked 4
can group policy be reset to original defaults? 2
Is there a Limit to the number of DLLs that can be loaded by 32 bit Applicatons on Windows 98? 4
REPOST, U.S. Dept. of Homeland Security urges Windows users to update their Operating Systems. 3
Here we go Again! :-( 35
IE has flaw of doom (All you have to do is visit a buggy page) 6

Top