Still getting MSBlaster Activity


I'm not paying attention to my logs; I'll look once in a while, but for the most part, I know I'm secure enough :happy:

I'm sure it's still going around. There might be a new version that doesn't have any side-effects (crashing RPC), so there are probably people out there that don't know they're infected :pinch:


Same here, I get MSblast email on my Hotmail account, around 5-10 mails a day. It's so annoying.

:no:

MSBlast doesn't spread via email.

And yeah, I'm still getting hit a lot according to my router logs.

Yeah, that's what I thought.

:D

Hmm... then that's weird. I got several emails on my Hotmail account with a .pif file attached. When I try to download it to my HDD, Norton Antivirus alerts me that it's the MSBlast virus and deletes it. I really want to save one for my collection though.

:cool:

w32.sobig.f@mm is a mass (e)mailer worm, hence you get .pif file attachments.

w32.blaster.worm is a worm that spreads by exploiting the RPC hole (port 135), and variant F was designed to flood Microsoft's Windows Update site.

Read http://www.sarc.com/ for lots more info.


Yup, the corporate world is still struggling as well.

When the southwest schools came back online (last week) they basically DoS'd our pipe to the inet purely with ICMP + ARP activity.

As Blaster/Nachi don't make their presence known until a machine gets unlucky and has incorrect exploit code executed, they will exist in the wild indefinitely. Home users won't patch, it's the way of things, and we should plan around that fact.

It does look like Nachi is going to be the most persistent, until the code times out. Blaster was written by a monkey; Nachi seems to have been written a little better (despite the patch application failing the majority of the time).

(Again, it's worth noting that Nachi is not a variant of the Blaster code.)

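An added example, not part of the original thread: one way to pull the port 135 and ICMP activity mentioned in the posts above out of firewall logs, by flagging any source that touches many distinct destinations. The log lines are constructed samples in iptables LOG key=value style, and the function names and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines (iptables LOG style); not real traffic.
SAMPLE_LOG = """\
Sep 15 10:00:01 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.2.3 DST=10.1.9.1 PROTO=ICMP TYPE=8 CODE=0
Sep 15 10:00:01 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.2.3 DST=10.1.9.2 PROTO=ICMP TYPE=8 CODE=0
Sep 15 10:00:02 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.2.3 DST=10.1.9.3 PROTO=ICMP TYPE=8 CODE=0
Sep 15 10:00:02 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.2.3 DST=10.1.9.2 PROTO=TCP SPT=1045 DPT=135
Sep 15 10:00:03 fw kernel: IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.5 PROTO=TCP SPT=2101 DPT=135
Sep 15 10:00:03 fw kernel: IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.5 PROTO=TCP SPT=2102 DPT=135
Sep 15 10:00:04 fw kernel: IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.6 PROTO=TCP SPT=2103 DPT=135
Sep 15 10:00:04 fw kernel: IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.7 PROTO=TCP SPT=2104 DPT=135
Sep 15 10:00:05 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.4.8 DST=10.1.9.1 PROTO=ICMP TYPE=8 CODE=0
Sep 15 10:00:06 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.4.8 DST=198.51.100.9 PROTO=TCP SPT=3310 DPT=443
""".splitlines()

FIELD = re.compile(r"(\w+)=(\S*)")

def classify(line):
    """Return (src, dst, kind) for a TCP/135 or ICMP echo-request line, else None."""
    f = dict(FIELD.findall(line))
    if "SRC" not in f or "DST" not in f:
        return None
    if f.get("PROTO") == "TCP" and f.get("DPT") == "135":
        return f["SRC"], f["DST"], "tcp135"
    if f.get("PROTO") == "ICMP" and f.get("TYPE") == "8":
        return f["SRC"], f["DST"], "icmp_echo"
    return None

def find_sweepers(lines, min_targets=3):
    """Map each source to its distinct-destination counts when any count >= min_targets."""
    fanout = defaultdict(lambda: defaultdict(set))
    for line in lines:
        hit = classify(line)
        if hit:
            src, dst, kind = hit
            fanout[src][kind].add(dst)  # a set, so repeated probes to one host count once
    report = {}
    for src, kinds in fanout.items():
        counts = {kind: len(dsts) for kind, dsts in kinds.items()}
        if max(counts.values()) >= min_targets:
            report[src] = counts
    return report

if __name__ == "__main__":
    for src, counts in sorted(find_sweepers(SAMPLE_LOG).items()):
        print(src, counts)
```

Internal addresses that show up in the report are candidates for isolation and patching; external ones only confirm that the perimeter is still being probed.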

I get anywhere from 20 - 30 emails a day at the office.

That's Sobig.

A lot of schools are charging 25 or 30 dollars if a computer on the network is found unintentionally spreading a virus, then another 30 to clean it.

I work for the helpdesk at NMU, which has a laptop program, and gives out a laptop to its 12,000 students. I've had lines of people stretching in quarter miles, full of blaster/welchia worm when school started up.

God it was bad.
