More info on RPC from BT Openworld support

Discussion in 'Computer Support' started by Mcploppy ©, Aug 11, 2003.

  1. Mcploppy ©

    Mcploppy © Guest

    *from BT Openworld support*

    More info for you

    RPC (Remote Procedure Call) Exploit - Possible Emerging Worm Virus (P2P)

    Sources
    Original Exploit Warning :
    http://www.symantec.com/avcenter/security/Content/8205.html
    Details of Emerging Worm : http://isc.sans.org/diary.html?date=2003-08-09
    "BILLY" Worm Details : http://isc.sans.org/diary.html?date=2003-08-11

    Background
    Discovered in July 2003, the RPC exploit was identified by Microsoft as a
    High Risk for any NT based system (NT, XP, 2000, 2003). Patches were
    released at the time.

    Now, it would appear that early reports of an "in the wild" (as in not just
    theoretical experiments) use of the exploit have now been found.

    Symptoms
    The most obvious symptom for an EU is that their PC, while connected to the
    internet will suddenly receive a message stating that your PC is shutting
    down due to an administrator request from "NT AUTHORITY\SYSTEM".

    If this has occurred, the EU has contracted the virus.

    Technology
    The worm will affect any NT based system that is vulnerable to the RPC
    exploit. After being infected it will "listen" on a specific port for
    further requests from users (read: hackers). This will leave the EU's PC
    open to access (files, confidential info, etc. could be read, deleted,
    removed, etc.)

    The PC will then spread the worm via a P2P (peer-to-peer) method via a
    random IP. It is not expected that it makes contact with IP addresses in the
    same range as its own. It does not require specific software to spread
    (just a specific operating system).

    Resolution
    Recent service packs do NOT stop the spread of the worm - to do so requires
    the specific patch, listed in the exploit warning linked to above. The patch
    is unlikely to work correctly if installed over an existing infection, and
    will require either a reformat or a complex removal routine as the virus
    patches the exploit it uses.

    As an emerging worm, there is no current hard and fast fix. It is assumed
    virus scanning labs are working on resolutions now.

    --
    Mcploppy ©

    { Remove both MyShoes to email me}
    { Homepage: http://tinyurl.com/bbel }
    { Local Radio: http://tinyurl.com/j1vi }
    { Download Messenger 6 http://tinyurl.com/h7co }
    Mcploppy ©, Aug 11, 2003
    #1