RPC DCOM Worm

[sponge]

I probably should've said something a couple weeks back when I heard that some people were developing worms, but I forgot to mention it here. The first worms that exploit this hole are out, so if your running anything on the NT kernel, I highly suggest you find the patch. When hit, RPC is killed, and thus SYSTEM user shuts down. The patch is somewhere on MS, don't have the URL off hand.

BTW, if you happen to get hit, send me an IM or something, I've got the tool used to exploit it, working out a way to fix it remotely. I think if you can get the patch installed quick enough it'll work, once you are infected.

[edit] Apparently, if you can get the patch installed in 60 seconds, your good.

http://download.microsoft.com/download/ ... 86-ENU.exe
For XP Home. Find the page for other OSes

[edit2] Got any enemies? Send their IPs to me :P

[METROID]

Thanks for the info and help Sponge I have been crashing all morning. I have to add if your comp is shutting down every 60 seconds quickly move to the control panel and go to system and administrater and then services and change the config of the service so it will not Shut down your comp if it runs into an error, this way you can have time to download and instal the patch without shut down (NOTE: DO NOT DISABLE THE RCP SERVICE!).

[TroGdoR the BuRNiNatOR]

I dont know if this is a action of the worm or jus a hacker, but my content advisor has just suddenly been turned on and set with a password i dont know. I am using my other computer to write this message and to seek help. !newb in crisis!

can anyone help me reset the password?

[sponge]

Definitely not the worm. Can't really help either, don't know anything about that offhand. Try searching http://neworder.box.sk I guess

[ktemkin]

[sponge]

[Jaybot]

blaster worm.. cute.

i was wondering what that mblast.exe task was .. combined with that fact that all copy/paste functions and open in a new window (shift-click) were not working