Internet Worm Alert

NewsBin Announcements

Moderators: Quade, dexter

Internet Worm Alert

Postby dexter » Mon Aug 11, 2003 10:56 pm

A worm has started spreading early afternoon EDT (evening UTC Time) and is expected to continue spreading rapidly. This worms exploits the Microsoft Windows DCOM RPC Vulnerability announced July 16, 2003. The SANS Institute, and Incidents.org recommends the following Action Items:

* Close port 135/tcp (and if possible 135-139, 445 and 593)
* Monitor TCP Port 4444 and UDP Port 69 (tftp) which are used by the worm for activity related to this worm.
* Ensure that all available patches have been applied, especially the patches reported in Microsoft Security Bulletin MS03-026.
* This bulletin is available at http://www.microsoft.com/technet/securi ... 03-026.asp
* Infected machines are recommended to be pulled from the network pending a complete rebuild of the system.

---------------

More info at http://www.trendmicro.com/vinfo/virusen ... _MSBLAST.A
User avatar
dexter
Site Admin
Site Admin
 
Posts: 9514
Joined: Fri May 18, 2001 3:50 pm
Location: Northern Virginia, US

Registered Newsbin User since: 10/24/97

Return to Announcements

Who is online

Users browsing this forum: No registered users and 12 guests