Peachy Posted August 18, 2003
So... Apparently, there is a new RPC worm spreading that infects hosts the same way as Blaster. But there is a twist. Apparently, this worm removes Blaster and then downloads a bunch of Microsoft security patches, then sets itself to delete itself on January 1, 2004. I kid you not!

Prelude76 Posted August 18, 2003
> So... Apparently, there is a new RPC worm spreading that infects hosts the same way as Blaster. But there is a twist. Apparently, this worm removes Blaster and then downloads a bunch of Microsoft security patches, then sets itself to delete itself on January 1, 2004. I kid you not!

Sounds like Microsoft made this pro-active 'good' worm. Which leads me to a question: is releasing a 'good' worm or virus that fixes computers automatically also illegal? I mean, could the FBI bust down your door if you make a good virus? Like one that wipes XP from your computer and installs SuSE?

Peachy Posted August 18, 2003
Technically, yes!

nlinecomputers Posted August 18, 2003
I doubt that Microsoft released this. This isn't any better than the first worm. What if Microsoft changes the download location of the patch? Will the worm crash or cause more problems? Can someone exploit the worm and piggyback a trojan on the fix-it worm? Could someone spoof Microsoft's website and send a spoofed patch to you? Thanks, but no thanks. I'll patch my own system.

Prelude76 Posted August 19, 2003
> I doubt that Microsoft released this.

I know, I was kidding. It's probably some work of a script kiddie who wants to do something to stop the Blaster worm. Basically, a misguided hacker.

RandomBox Posted August 19, 2003
They actually had an article in today's LA Times Business section on it!

I did a little search on this and I got a giggle out of it! I guess it is mostly infecting machines in Asia (Japan/China/S. Korea)!

It goes under a few different aliases like "Nachi Worm", "Blaster-D/Nachi", "Worm_MSBLAST.D", "W32.Welchia.Worm", "W32.Nachi.worm", and "Welchia"!

This malware also exploits the RPC DCOM Buffer Overflow, and instructs target systems to download its copy from the affected system using TFTP (Trivial File Transfer Protocol).

Couple of other sources for reading up on it are:
http://www.computerworld.com/securitytopic...1,84126,00.html
and
http://www.trendmicro.com/vinfo/virusencyc...=WORM_MSBLAST.D

TrendMicro also provides a fix for it at http://www.trendmicro.com/ftp/products/tsc...sc/sysclean.com