[NEWS] Hacker code could unleash Windows worm

Discussion in 'Computer Security' started by The Other Guy, Jul 27, 2003.

  1. http://news.com.com/2100-1002_3-5055759.html

    A hacker group released code designed to exploit a widespread Windows
    flaw, paving the way for a major worm attack as soon as this weekend,
    security researchers warned.

    The warning came Friday, after hackers from the Chinese X Focus
    security group forwarded source code to several public security lists.
    The code is for a program designed to allow an intruder to enter
    Windows computers.

    The X Focus program takes advantage of a hole in the Microsoft
    operating system that lets attackers break in remotely. The flaw has
    been characterized by some security experts as the most widespread
    ever found in Windows
    (http://news.com.com/2100-1009-1026420.html?tag=nl)
    ....

    Reproduced in: http://www.securitynewsportal.com/index.shtml

    --
    ../configure --prefix=~/zyterion
    Not this guy or that guy, The Other Guy.

    "If you're not thoroughly confused by now, then you just
    don't understand the situation."
    The Other Guy, Jul 27, 2003
    #1
    1. Advertising

  2. The Other Guy

    Lord Shaolin Guest

    Lord Shaolin, Jul 28, 2003
    #2
    1. Advertising

  3. In article <>, The Other Guy
    <> wrote:
    >
    >http://news.com.com/2100-1002_3-5055759.html
    >
    >A hacker group released code designed to exploit a widespread Windows
    >flaw, paving the way for a major worm attack as soon as this weekend,
    >security researchers warned.


    Just for information's sakes, the hole for this exploit has been patched,
    and anything close to capable of being called a firewall will block the
    attack.

    Yet another call to the world to download patches, update your machines, and
    make sure you're behind a firewall. Wouldn't it be nice if the CNet article
    bothered to mention this simple security measure? Honestly, it's as if they
    _want_ people to panic and scream curses.

    Alun.
    ~~~~

    [Please don't email posters, if a Usenet response is appropriate.]
    --
    Texas Imperial Software | Find us at http://www.wftpd.com or email
    1602 Harvest Moon Place | .
    Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers.
    Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.
    Alun Jones [MS MVP], Jul 28, 2003
    #3
  4. On Mon, 28 Jul 2003 02:00:49 GMT, The Other Guy responded to a post
    from (Alun Jones [MS MVP]) who wrote in
    alt.computer.security:

    >In article <>, The Other Guy
    ><> wrote:
    >>
    >>http://news.com.com/2100-1002_3-5055759.html
    >>
    >>A hacker group released code designed to exploit a widespread Windows
    >>flaw, paving the way for a major worm attack as soon as this weekend,
    >>security researchers warned.

    >
    >Just for information's sakes, the hole for this exploit has been patched,
    >and anything close to capable of being called a firewall will block the
    >attack.
    >
    >Yet another call to the world to download patches, update your machines, and
    >make sure you're behind a firewall. Wouldn't it be nice if the CNet article
    >bothered to mention this simple security measure? Honestly, it's as if they
    >_want_ people to panic and scream curses.
    >
    >Alun.


    Good point, Alun, about the patches, and that was my main intention in
    posting this news release was to give a subtle reminder to the readers
    in these N/Gs that if they haven't patched they may be in trouble
    soon. Also why I included a link to the previous public news release
    (http://news.com.com/2100-1009-1026420.html?tag=nl) dated July 15th..

    In security portals it has been discussed a lot in the last couple of
    weeks (Buffer Overrun In RPC Interface Could Allow Code Execution);
    indeed, http://isc.incidents.org/ has been giving a "Last Chance" to
    patch "to avoid becoming a victim to RPC exploits in the works now.
    Block" warning for several days.

    Exploit reported by http://lsd-pl.net/special.html

    Patch available at
    http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp

    And CNN news cause the public to act hysterical as a result of its
    sensational reporting, i just can't believe it </sarcasm> ;-)

    Cheers,
    TOG

    --
    ../configure --prefix=~/zyterion
    Not this guy or that guy, The Other Guy.

    "If you're not thoroughly confused by now, then you just
    don't understand the situation."
    The Other Guy, Jul 28, 2003
    #4
  5. The Other Guy

    Bit Twister Guest

    On Mon, 28 Jul 2003 02:00:49 GMT, Alun Jones [MS MVP] wrote:

    > Wouldn't it be nice if the CNet article
    > bothered to mention this simple security measure? Honestly, it's as if they
    > _want_ people to panic and scream curses.


    I hear where you are at, but if the panic could get into the
    tv/radio/newpaper maybe the public would get their updates. I cannot
    believe I still get Code Red probes.
    Bit Twister, Jul 28, 2003
    #5
  6. The Other Guy

    Neb Revod Guest

    In article <I58Va.526$>,
    says...
    > In article <>, Neb Revod
    > <> wrote:
    > >You called it, spot on, my friend. The IDS has logged a huge spike in
    > >attempts at ports 445 and 139 since early yesterday.
    > >
    > >I've been away from the mainstream media for the last couple of days, so
    > >I won't be surprised to hear that its flooded with "the sky is falling"
    > >reporting.

    >
    > Oh-so-balanced an observation on the hysterical basis of our current media
    > choices, followed by a hysterical note of your own:
    >
    > >It ought to be some kind of crime, albeit a minor one perhaps, to
    > >operate a system that still has these vulnerabilities.

    >
    > More appropriate would be to make it a crime to connect to the Internet
    > without a firewall.


    Fair enough, though I hardly feel like my comment qualifies as
    hysterical. I firmly believe that the irresponsibility of operating an
    unsercured system connected to the net borders on criminal.
    Neb Revod, Jul 28, 2003
    #6
  7. The Other Guy

    Mike Guest

    On Mon, 28 Jul 2003 12:50:06 -0700, Neb Revod
    <> wrote:

    >In article <I58Va.526$>,
    > says...
    >> In article <>, Neb Revod
    >> <> wrote:
    >> >You called it, spot on, my friend. The IDS has logged a huge spike in
    >> >attempts at ports 445 and 139 since early yesterday.
    >> >
    >> >I've been away from the mainstream media for the last couple of days, so
    >> >I won't be surprised to hear that its flooded with "the sky is falling"
    >> >reporting.

    >>
    >> Oh-so-balanced an observation on the hysterical basis of our current media
    >> choices, followed by a hysterical note of your own:
    >>
    >> >It ought to be some kind of crime, albeit a minor one perhaps, to
    >> >operate a system that still has these vulnerabilities.

    >>
    >> More appropriate would be to make it a crime to connect to the Internet
    >> without a firewall.

    >
    >Fair enough, though I hardly feel like my comment qualifies as
    >hysterical. I firmly believe that the irresponsibility of operating an
    >unsercured system connected to the net borders on criminal.


    Is leaving your house unlocked a criminal act?

    Instead of punishing the innocents, why not go after those who are
    breaking into systems and stealing the system resources?
    Mike, Jul 29, 2003
    #7
  8. The Other Guy

    sigsegv Guest

    Mike wrote:

    > On Mon, 28 Jul 2003 12:50:06 -0700, Neb Revod
    > <> wrote:
    >
    >>In article <I58Va.526$>,
    >> says...
    >>> In article <>, Neb
    >>> Revod <> wrote:
    >>> >You called it, spot on, my friend. The IDS has logged a huge spike in
    >>> >attempts at ports 445 and 139 since early yesterday.
    >>> >
    >>> >I've been away from the mainstream media for the last couple of days,
    >>> >so I won't be surprised to hear that its flooded with "the sky is
    >>> >falling" reporting.
    >>>
    >>> Oh-so-balanced an observation on the hysterical basis of our current
    >>> media choices, followed by a hysterical note of your own:
    >>>
    >>> >It ought to be some kind of crime, albeit a minor one perhaps, to
    >>> >operate a system that still has these vulnerabilities.
    >>>
    >>> More appropriate would be to make it a crime to connect to the Internet
    >>> without a firewall.

    >>
    >>Fair enough, though I hardly feel like my comment qualifies as
    >>hysterical. I firmly believe that the irresponsibility of operating an
    >>unsercured system connected to the net borders on criminal.

    >
    > Is leaving your house unlocked a criminal act?


    No, but leaving your house unlocked will not cause every other house in the
    street to be burned down or burgled.

    > Instead of punishing the innocents, why not go after those who are
    > breaking into systems and stealing the system resources?
    sigsegv, Jul 30, 2003
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. dougga

    Investigating Hacker, Worm, or Backdoor

    dougga, Nov 8, 2004, in forum: Computer Security
    Replies:
    0
    Views:
    449
    dougga
    Nov 8, 2004
  2. Au79
    Replies:
    0
    Views:
    374
  3. Russell Smithies

    idiot blaster worm hacker caught :-)

    Russell Smithies, Sep 1, 2003, in forum: NZ Computing
    Replies:
    10
    Views:
    487
    Robert Kramer
    Sep 1, 2003
  4. Replies:
    0
    Views:
    284
  5. Replies:
    3
    Views:
    446
    Whiskers
    Apr 2, 2008
Loading...

Share This Page