new wave of virus...

Discussion in 'The Lounge' started by m j, Jan 27, 2003.

  1. m j

    m j 1/2 ton status

    Joined:
    Dec 28, 2001
    Posts:
    4,606
    Likes Received:
    0
    got at least 3 yesterday emailed to me.
    why does it seem to go in spurts?

    last one was 'aagre' wanting me to run a 'Klem proofing program' and to be sure to have my virus scan ignore it
     
  2. Shaggy

    Shaggy 3/4 ton status

    Joined:
    Dec 15, 2000
    Posts:
    6,737
    Likes Received:
    0
    Location:
    Los Banos, CA
    Re: new waze of virus...

    In reply to: "Re: new waze of virus..."

    Uh oh, it turns Vs into Zs!

    It goes in spurts because that's the way evolution designed it. The tissue contracts in waves, forcing the seminal fluid out of the end.

    Anyways... Some places got hit pretty hard. I deal with IBM quite a bit, and one of their inbound call centers was essentially grounded today since all of their systems got infected over the weekend.
     
  3. m j

    m j 1/2 ton status

    Joined:
    Dec 28, 2001
    Posts:
    4,606
    Likes Received:
    0
    thanks Shaggy
     
  4. mudhog

    mudhog THEGAME Staff Member Super Moderator

    Joined:
    Nov 6, 2000
    Posts:
    17,899
    Likes Received:
    2
    Location:
    portland oregon
    I have gotten at least six in the last week
     
  5. Sandman

    Sandman 3/4 ton status Author

    Joined:
    Apr 15, 2002
    Posts:
    5,653
    Likes Received:
    0
    Location:
    Pocatello, ID
    Our network and mail servers have been pretty ok. We run a pretty tight firewall with a spam buster though.
     
  6. Goober

    Goober 1/2 ton status

    Joined:
    Apr 26, 2002
    Posts:
    2,222
    Likes Received:
    0
    Location:
    Mayberry (Auburn, WA)
    In reply to: "Our network and mail servers have been pretty ok. We run a pretty tight firewall with a spam buster though"

    Be careful of this latest one.

    The problem with this latest worm (not a virus) is that it can't be detected by anti-virus software since no files are ever written to your hard drive. This little bugger exists only in memory once it infects a machine and it executes as a trusted application.

    Microsoft released a security patch that addressed this particular vulnerability in SQL 2000 but if you installed SP2 for SQL 2000 then you needed to re-install this particular patch since SP2 changed the patched files back to their original (vulnerable) files.

    It's actually an incredibly simple exploit that just caught everyone off guard. The way this one works is it tries to send itself out to the SQL Server Resolution Service, which uses UDP port 1434, and when it gets an answer from a SQL Server it performs a simple buffer overflow that allows it to execute under the security context of the SQL Server Service. It executes a few lines of code that use GetTickCount (Windows API Function) to generate random IP addresses that it then attempts to contact via UDP port 1434, starting the whole process all over again by sending itself as the payload.

    So, you see, there is really no damage done directly to the affected machines but the fact that it opens sockets and tries to send itself to so many destinations creates a DOS (Denial of Service) condition that drags the machine to its knees.

    If you are not running any SQL 2000 Servers then this is an easy one to stop ..... just shut off port 1434 at your firewall.

    OK .... y'all can wake up now, the boring part is over.

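The propagation pattern described in the post above (one host contacting many random addresses on UDP port 1434) shows up clearly in flow or firewall logs. The following detection sketch is an added example, not part of the original thread; the log format, window size, threshold and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

SQL_RESOLUTION_PORT = 1434   # UDP port named in the post
WINDOW_SECONDS = 10          # assumed bucket size
FANOUT_THRESHOLD = 20        # assumed: distinct destinations per bucket

def parse_flow(line):
    """Parse 'epoch proto src dst dport' (assumed format); None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts, dport = int(parts[0]), int(parts[4])
        src = ipaddress.ip_address(parts[2])
        dst = ipaddress.ip_address(parts[3])
    except ValueError:
        return None
    return ts, parts[1].lower(), src, dst, dport

def find_fanout_sources(lines, port=SQL_RESOLUTION_PORT,
                        window=WINDOW_SECONDS, threshold=FANOUT_THRESHOLD):
    """Return {source: peak distinct destinations in one window} at or over threshold."""
    buckets = defaultdict(set)          # (src, window index) -> destinations
    for line in lines:
        rec = parse_flow(line)
        if rec is None:
            continue                    # skip records we cannot parse
        ts, proto, src, dst, dport = rec
        if proto == "udp" and dport == port:
            buckets[(src, ts // window)].add(dst)
    peaks = defaultdict(int)
    for (src, _), dsts in buckets.items():
        peaks[src] = max(peaks[src], len(dsts))
    return {str(s): n for s, n in peaks.items() if n >= threshold}

def build_sample():
    """Constructed flow records: one ordinary client and one host fanning out."""
    flows = ["1000 udp 10.0.0.5 10.0.0.20 1434",   # single instance lookup
             "1001 tcp 10.0.0.5 10.0.0.20 1433",
             "1002 udp 10.0.0.5 10.0.0.20 53",
             "garbage line"]                        # malformed, skipped
    # 10.0.0.66 contacts 40 different addresses on UDP/1434 within 4 seconds
    flows += [f"{1000 + i // 10} udp 10.0.0.66 198.51.100.{i + 1} 1434"
              for i in range(40)]
    return flows

if __name__ == "__main__":
    for src, peak in find_fanout_sources(build_sample()).items():
        print(f"{src}: {peak} distinct UDP/{SQL_RESOLUTION_PORT} destinations "
              f"in one {WINDOW_SECONDS}s window")
```

Counting distinct destinations rather than packets keeps a client that repeatedly queries one SQL Server from being flagged.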
     
