Page 1 of 3 123 LastLast
Results 1 to 16 of 34

Thread: Have you done all of your windows updates ?

  1. #1
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like 1:: (IPv6 version)
    Posts
    10,602
    Thanks
    50
    Thanked
    368 times in 302 posts

    Have you done all of your windows updates ?

    Or made sure your firewall is working ?

    if not, you might be in for a rough ride
    and here's why

    Sasser
    New Worm Spreads without User Interaction
    Severity: Medium
    (May elevate to high in the next few days)
    1 May, 2004

    About the Virus
    Beginning Friday evening a new worm called Sasser (technically known as W32/Sasser.worm) began spreading on the Internet. Like previous worms (such as Slammer, and to some extent, CodeRed and Nimda), Sasser relies on exploiting a recent flaw in Microsoft Windows to spread. If the worm finds a computer vulnerable to the specific Windows flaw, it infects that PC without any user interaction. Worms like Sasser that require no user interaction tend to spread wildly. The good news is that if you have kept up to date with the Microsoft patches , Sasser should pass you by.

    What It Does
    Unlike most worms, Sasser does not rely on email to spread. Instead, the worm attempts to connect to random victims on TCP port 445 and exploits a Microsoft Windows vulnerability we described in an April 13 alert (specifically MS04-011). Its name arises from the fact that it exploits a buffer overflow in LSASS (Local Security Authority Server Service) .

    If the exploit is successful, the worm downloads a copy of itself to your machine and adds the file "avserve.exe" to the default Windows directory. The worm also adjusts the registry to ensure that it can restart the next time you reboot. In fact, using a special Windows API, AbortSystemShutdown, Sasser makes it difficult to restart or shut down your PC.

    Finally, Sasser installs an FTP server on your computer, running on TCP port 5554 so that your machine can deliver the worm to others.

    Once installed on a victim machine, Sasser repeats the entire process by randomly scanning IP addresses on port 445, searching for exploitable machines. Out of the randomly scanned IPs, 50% are totally random, 25% have the same first octet as your IP address and the last 25% have the same first two octets as your IP address. This helps Sasser to spread efficiently both on the Internet and within your local network.
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  2. #2
    Rank Bajin
    Join Date
    Jul 2003
    Location
    Hemel/St Albans
    Posts
    1,163
    Thanks
    0
    Thanked
    4 times in 4 posts
    Nope, I haven't done any updates. I don't need too. That's BSD for you.

  3. #3
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like 1:: (IPv6 version)
    Posts
    10,602
    Thanks
    50
    Thanked
    368 times in 302 posts
    What You Should Know About the Sasser Worm
    Posted: May 1, 2004





    Microsoft teams and law enforcement authorities are investigating reports of a worm, identified as W32.Sasser.worm, that is currently circulating on the Internet. Microsoft has verified that the worm exploits the Local Security Authority Subsystem Service (LSASS) issue fixed in Microsoft Security Update MS04-011 on April 13, 2004.


    Products Affected by This Worm
    Windows 2000 Service Pack 2, Windows 2000 Service Pack 3, and Windows 2000 Service Pack 4
    Windows XP and Windows XP Service Pack 1
    Windows XP 64-bit Edition Service Pack 1

    Products Not Affected by This Worm
    Windows NT 4.0 Service Pack 6a
    Windows XP 64-Bit Edition Version 2003
    Windows Server 2003
    Windows Server 2003 64-Bit Edition



    How to Tell If Your Computer Is Infected
    If your computer is infected with W32.Sasser.worm, you may see a dialog box with text that refers to LSASS.exe. Some customers whose computers have been infected may not notice the presence of the worm at all, while others who are not infected may experience problems because the worm is attempting to attack their computer. Typical symptoms may include systems rebooting every few minutes without user input.


    Mitigation Steps for Affected Computers
    If your computer is infected with the W32.Sasser.worm, please do the following:

    Enable the Windows XP Internet Connection Firewall or a third-party firewall on the affected computer.
    Disconnect the computer from the Internet.
    Restart the computer. If you have problems rebooting, reboot in safe mode.
    Press CTRL+ALT+DEL.
    Click the Task Manager.
    Click the Processes tab.
    Press and hold the CTRL key and then click C:\WINDOWS\avserve.exe and c:\WINDOWS\system32\*_up.exe.
    Click the End Task button.
    Click Start.
    Click Search and then search for and delete the following files:
    C:\WINDOWS\avserve.exe
    C:\WINDOWS\system32\*_up.exe
    Click Start again, click Run, and then type: regedit32
    Click OK.
    In Registry Editor, locate and delete the following registry key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "avserve.exe" = C:\WINDOWS\avserve.exe
    Connect the computer to the Internet.
    Go to the Windows Update site, and click the Scan for Updates button.
    Download and install the critical updates recommended after the scan.

    Preventive Steps for Home Users
    Customers can protect against this worm by installing Microsoft Security Update MS04-011 immediately.

    If you have a computer with Windows XP and have enabled the Windows XP Firewall, you are protected from attacks by this worm. Also, most third-party firewalls will block this attack.
    the above quote is form a news alert issued buy http://bink.nu ( a very credible source for windows news )

    The First quote is from the watchguard livesecurity update - this is not a drill folks
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  4. #4
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like 1:: (IPv6 version)
    Posts
    10,602
    Thanks
    50
    Thanked
    368 times in 302 posts
    Quote Originally Posted by headbrace
    Nope, I haven't done any updates. I don't need too. That's BSD for you.
    which is why I said windows updates if you were applying MS patches to a BSD box I'd have serious concerns for your sanity
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  5. #5
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like 1:: (IPv6 version)
    Posts
    10,602
    Thanks
    50
    Thanked
    368 times in 302 posts
    If you have been affected by this worm , you'll find a removal tool here:

    http://www.microsoft.com/downloads/d...DisplayLang=en
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  6. #6
    Spodes Henchman unrealrocks's Avatar
    Join Date
    Aug 2003
    Location
    Nottingham UK
    Posts
    2,390
    Thanks
    3
    Thanked
    2 times in 2 posts
    I just leave updates for virus, windows etc. all on auto so it just does it. PC Cillin did tell me that there was this virus going round in the wild last night though.

    G4 PowerMac - Tiger 10.4 - 512MB RAM
    MacBook - 2Ghz - 1GB RAM - 120GB HDD

    Rotel RC970BX | DBX DriveRack |2x Rotel RB850
    B&W DM640i | Velodyne 1512

  7. #7
    Drop it like it's hot Howard's Avatar
    Join Date
    Jul 2003
    Location
    Surrey, South East
    Posts
    11,731
    Thanks
    14
    Thanked
    42 times in 39 posts
    • Howard's system
      • Motherboard:
      • Asus P5B
      • CPU:
      • Core2Duo E6420 2.13GHz
      • Memory:
      • 2x1gb OCZ DDR2 6400
      • Storage:
      • 250GB & 500GB Seagate
      • Graphics card(s):
      • Inno3d iChill 7900GS
      • PSU:
      • Antec SmartPower 500W
      • Case:
      • Coolermaster Elite 330
      • Monitor(s):
      • 2x AG Neovo F419
      • Internet:
      • Virgin Media 20mbit
    I'm always up to date

    My mate had this worm yesterday though... Lol
    Home cinema: Toshiba 42XV555DB Full HD LCD | Onkyo TX-SR705 | NAD C352 | Monitor Audio Bronze B2 | Monitor Audio Bronze C | Monitor Audio Bronze BFX | Yamaha NSC120 | BK Monolith sub | Toshiba HD-EP35 HD-DVD | Samsung BD-P1400 BluRay Player | Pioneer DV-575 | Squeezebox3 | Virgin Media V+ Box
    PC: Asus P5B | Core2duo 2.13GHz | 2GB DDR2 PC6400 | Inno3d iChill 7900GS | Auzentech X-Plosion 7.1 | 250GB | 500GB | NEC DVDRW | Dual AG Neovo 19"
    HTPC: | Core2Duo E6420 2.13GHz | 2GB DDR2 | 250GBx2 | Radeon X1300 | Terratec Aureon 7.1 | Windows MCE 2005
    Laptop: 1.5GHz Centrino | 512MB | 60GB | 15" Wide TFT | Wifi | DVDRW


  8. #8
    Senior Member Kezzer's Avatar
    Join Date
    Sep 2003
    Posts
    4,863
    Thanks
    12
    Thanked
    5 times in 5 posts
    /me strokes linux firewall

  9. #9
    Rank Bajin
    Join Date
    Jul 2003
    Location
    Hemel/St Albans
    Posts
    1,163
    Thanks
    0
    Thanked
    4 times in 4 posts
    /remembers to read thread thoroughly before posting

    I'll get me goat.

  10. #10
    Member
    Join Date
    Jul 2003
    Posts
    139
    Thanks
    0
    Thanked
    0 times in 0 posts
    /me strokes linux

  11. #11
    Goat Boy
    Join Date
    Jul 2003
    Location
    Alexandra Park, London
    Posts
    2,426
    Thanks
    0
    Thanked
    0 times in 0 posts
    Quote Originally Posted by headbrace
    /remembers to read thread thoroughly before posting

    I'll get me goat.
    here you go matey...



    **** knows how the old boy managed to get to Australia in that time
    "All our beliefs are being challenged now, and rightfully so, they're stupid." - Bill Hicks

  12. #12
    Sublime HEXUS.net
    Join Date
    Jul 2003
    Location
    The Void.. Floating
    Posts
    11,819
    Thanks
    213
    Thanked
    233 times in 160 posts
    • Stoo's system
      • Motherboard:
      • Mac Pro
      • CPU:
      • 2*Xeon 5450 @ 2.8GHz, 12MB Cache
      • Memory:
      • 32GB 1600MHz FBDIMM
      • Storage:
      • ~ 2.5TB + 4TB external array
      • Graphics card(s):
      • ATI Radeon HD 4870
      • Case:
      • Mac Pro
      • Operating System:
      • OS X 10.7
      • Monitor(s):
      • 24" Samsung 244T Black
      • Internet:
      • Zen Max Pro
    *snigger*

    Always make sure you've got enough RAM for your system?
    (\__/)
    (='.'=)
    (")_(")

  13. #13
    Goat Boy
    Join Date
    Jul 2003
    Location
    Alexandra Park, London
    Posts
    2,426
    Thanks
    0
    Thanked
    0 times in 0 posts
    Quote Originally Posted by Stoo
    *snigger*

    Always make sure you've got enough RAM for your system?
    this is the funniest post in the world ever.
    "All our beliefs are being challenged now, and rightfully so, they're stupid." - Bill Hicks

  14. #14
    Sublime HEXUS.net
    Join Date
    Jul 2003
    Location
    The Void.. Floating
    Posts
    11,819
    Thanks
    213
    Thanked
    233 times in 160 posts
    • Stoo's system
      • Motherboard:
      • Mac Pro
      • CPU:
      • 2*Xeon 5450 @ 2.8GHz, 12MB Cache
      • Memory:
      • 32GB 1600MHz FBDIMM
      • Storage:
      • ~ 2.5TB + 4TB external array
      • Graphics card(s):
      • ATI Radeon HD 4870
      • Case:
      • Mac Pro
      • Operating System:
      • OS X 10.7
      • Monitor(s):
      • 24" Samsung 244T Black
      • Internet:
      • Zen Max Pro
    Sorry.. *skulks off*
    (\__/)
    (='.'=)
    (")_(")

  15. #15
    Vive le pants! directhex's Avatar
    Join Date
    Jul 2003
    Location
    /dev/urandom
    Posts
    17,012
    Thanks
    216
    Thanked
    1,007 times in 662 posts
    • directhex's system
      • Motherboard:
      • MSI X99A Gaming 7
      • CPU:
      • Intel Core i7 5280k
      • Memory:
      • 32GiB ADATA DDR4
      • Storage:
      • Corsair Neutron XT 960GB
      • Graphics card(s):
      • MSI GTX 980 Gaming 4G Twin Frozr 5
      • PSU:
      • Corsair AX860i
      • Case:
      • NZXT H440
      • Operating System:
      • Ubuntu 16.04, Windows 10
      • Monitor(s):
      • Dell U2713HM
    C:\Documents and Settings\directhex>apt-get upgrade
    'apt-get' is not recognized as an internal or external command,
    operable program or batch file.

    no worky, moby

  16. #16
    Beard hat ftw! steve threlfall's Avatar
    Join Date
    Jul 2003
    Location
    West Midlands
    Posts
    6,743
    Thanks
    302
    Thanked
    192 times in 123 posts
    • steve threlfall's system
      • Motherboard:
      • Gigabyte Z77-D3H
      • CPU:
      • Core i5-3570K
      • Memory:
      • 8GB Corsair Vengeance DDR3
      • Storage:
      • Samsung 830 256
      • Graphics card(s):
      • Radeon HD6870
      • PSU:
      • Corsair HX750
      • Case:
      • Antec P280
      • Operating System:
      • Windows 7 Home Premium 64bit
      • Monitor(s):
      • Dell 2407 WFP 24" Widescreen, Rev A04
      • Internet:
      • Virgin 120/12 mb
    Quote Originally Posted by Stoo
    *snigger*

    Always make sure you've got enough RAM for your system?

Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Windows Updates?
    By Jimmy Little in forum Software
    Replies: 2
    Last Post: 19-04-2004, 01:41 PM
  2. Windows (Critical) Updates
    By jonathan_phang in forum Software
    Replies: 4
    Last Post: 06-04-2004, 12:21 AM
  3. Windows Security Update CD
    By XTR in forum General Discussion
    Replies: 2
    Last Post: 19-02-2004, 11:16 AM
  4. Windows XP Email?
    By joshwa in forum Software
    Replies: 9
    Last Post: 18-01-2004, 09:38 AM
  5. Windows Update flaw 'left PCs open' to MSBlast
    By Bunjiweb in forum Software
    Replies: 10
    Last Post: 19-08-2003, 02:44 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •