Net Manager
Network Managing, Engineering and Administration with an eye toward security.

Best practices meets the real world!

Tuesday, August 12, 2003  

Well, it was suppose to have launched a while back, but someone finally sent out a worm based upon the DCOM RPC vulnerability. This write up from Symantec has all the pertanent details of what's being called "Billy" or "Blaster": W32.Blaster.Worm. Looks like if you block ports 69, 135, 139, 445, and 4444 your safe from it. I've also seen folks state that they were hit by it even though they had applied patches that were suppose to prevent it. I've also seen statments that it doesn't work well with XP machines, but others have stated that those have been infected as well. Look out for reboots through, and check for msblast.exe in the C:\windows\system32 directory.

posted by David | 8/12/2003 08:10:00 AM


Post a Comment

<< Home

News Links
Blog Links


Reading blogs at work? Click to escape to a suitable site!
Get Firefox

Site Meter

Powered by Blogger