Velocity Reviews - Computer Hardware Reviews

More info on RPC from BT Openworld support

 
 
Mcploppy
      08-11-2003
*from BT Openworld support*

More info for you

RPC (Remote Procedure Call) Exploit - Possible Emerging Worm Virus (P2P)

Sources
Original Exploit Warning :
http://www.symantec.com/avcenter/sec...tent/8205.html
Details of Emerging Worm : http://isc.sans.org/diary.html?date=2003-08-09
"BILLY" Worm Details : http://isc.sans.org/diary.html?date=2003-08-11

Background
Discovered in July 2003, the RPC exploit was identified by Microsoft as a
High Risk for any NT based system (NT, XP, 2000, 2003). Patches were
released at the time.

Now, it would appear that early reports of an "in the wild" (as in not just
theoretical experiments) use of the exploit have now been found.

Symptoms
The most obvious symptom for an EU is that their PC, while connected to the
internet, will suddenly receive a message stating that your PC is shutting
down due to an administrator request from "NT AUTHORITY\SYSTEM".

If this has occurred, the EU has contracted the virus.

Technology
The worm will affect any NT based system that is vulnerable to the RPC
exploit. After being infected it will "listen" on a specific port for
further requests from users (read: hackers). This will leave the EU's PC
open to access (files, confidential info, etc. could be read, deleted,
removed, etc.)

The PC will then spread the worm via a P2P (peer-to-peer) method via a
random IP. It is not expected that it makes contact with IP addresses in the
same range as its own. It does not require specific software to spread
(just a specific operating system).

Resolution
Recent service packs do NOT stop the spread of the worm - to do so requires
the specific patch, listed in the exploit warning linked to above. The patch
is unlikely to work correctly if installed over an existing infection, and
will require either a reformat or a complex removal routine as the virus
patches the exploit it uses.

As an emerging worm, there is no current hard and fast fix. It is assumed
virus scanning labs are working on resolutions now.

--
Mcploppy

{ Remove both MyShoes to email me}
{ Homepage: http://tinyurl.com/bbel }
{ Local Radio: http://tinyurl.com/j1vi }
{ Download Messenger 6 http://tinyurl.com/h7co }


 