Got Windows? I have the honor of informing you that you have a backdoor


  • Peca
  • Head Administrator
  • Predrag Damnjanović
  • SysAdmin and programmer
  • Joined: 17 Apr 2003
  • Posts: 23209
  • Location: Niš

A few days ago a vulnerability was discovered in the Remote Procedure Call service, RPC for short, which is enabled by default on the following Windows versions:
1) NT 4.0
2) NT 4.0 Terminal Services Edition
3) 2000
4) XP
5) Win 2003
With this vulnerability anyone can get into your computer... so, I have the honor of informing you that you have a backdoor on your computer :)

As you read this, little programs for getting into every NT-based Windows are being written at full speed :)
The hackers caught on right away and, there you go, wrote a worm too, which is rampaging across the internet; though last night yet another worm came out, a new one, which also uses this RuPiCa ("little hole"; RPC for short) :)

Now then, are you people aware of what it takes to catch the worm or to have someone break into your computer?

One thing:
1) Being on the internet a little longer (say half an hour) with one of the Windows versions mentioned, until the worm finds you (by scanning an IP range on port 135)

:) :D :lol:

DAMN, so my prophecy has come true: MS has finally managed to make OSes that are full of holes like nothing else, and to get them onto 80% of PCs.

Welcome to the free network - what have you got that's interesting on your disk today?

------- Links --------

--Vulnerability--
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp - patch for RPC
http://support.microsoft.com/?kbid=823980 - everything about the hole
http://www.microsoft.com/technet/treeview/default......03-026.asp - if your RPC is crashing
http://securityresponse.symantec.com/avcenter/security/Content/8205.html - same

---W32.Blaster.Worm---
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html - More information
http://securityresponse.symantec.com/avcenter/FixBlast.exe - Removal tool

---Worm.Win32.Lovesun---
http://us.mcafee.com/root/campaign.asp?cid=8340

p.s. The worms are capable of infecting a local network in 1h. If your computers are rebooting - congratulations!
p.p.s. I see that some providers have already blocked this port...
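
The post above says the worm finds hosts by scanning IP ranges on port 135. As an added example (not part of the original post), here is one way a defender could spot that sweep pattern in firewall logs: flag any source that touches many distinct destinations on TCP/135 inside a short window. The log format, addresses, thresholds and function names are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the thread). Assumed field order:
# date time action protocol src-ip dst-ip src-port dst-port
SAMPLE_LOG = """\
2003-08-12 10:00:01 DROP TCP 203.0.113.7 192.0.2.10 4312 135
2003-08-12 10:00:02 DROP TCP 203.0.113.7 192.0.2.11 4313 135
2003-08-12 10:00:02 DROP TCP 203.0.113.7 192.0.2.12 4314 135
2003-08-12 10:00:03 DROP TCP 203.0.113.7 192.0.2.13 4315 135
2003-08-12 10:00:04 DROP TCP 203.0.113.7 192.0.2.14 4316 135
2003-08-12 10:00:05 ALLOW TCP 198.51.100.9 192.0.2.10 1050 135
2003-08-12 10:00:06 ALLOW TCP 198.51.100.9 192.0.2.10 1051 135
2003-08-12 10:01:00 ALLOW TCP 198.51.100.20 192.0.2.10 2000 80
2003-08-12 10:05:00 DROP TCP 198.51.100.30 192.0.2.10 3000 135
2003-08-12 10:15:00 DROP TCP 198.51.100.30 192.0.2.11 3001 135
2003-08-12 10:25:00 DROP TCP 198.51.100.30 192.0.2.12 3002 135
2003-08-12 10:35:00 DROP TCP 198.51.100.30 192.0.2.13 3003 135
truncated line
"""

def parse(line):
    f = line.split()
    if len(f) != 8 or f[3] != "TCP":
        return None  # skip short, truncated or non-TCP records
    try:
        ts = datetime.strptime(f"{f[0]} {f[1]}", "%Y-%m-%d %H:%M:%S")
        return ts, f[4], f[5], int(f[7])  # time, source, destination, dst port
    except ValueError:
        return None  # malformed timestamp or port

def find_sweepers(log_text, port=135, min_targets=4, window_s=60):
    """Map each flagged source to its peak count of distinct destinations
    contacted on `port` within any sliding window of `window_s` seconds."""
    window = timedelta(seconds=window_s)
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec and rec[3] == port:
            hits[rec[1]].append((rec[0], rec[2]))
    flagged = {}
    for src, events in hits.items():
        events.sort()
        start = best = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop events that fell out of the window
            best = max(best, len({dst for _, dst in events[start:end + 1]}))
        if best >= min_targets:
            flagged[src] = best
    return flagged
```

With the default 60-second window only the fast sweeper is reported; widening `window_s` also catches the slow scanner that probes one host every ten minutes.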



  • Joined: 26 Apr 2003
  • Posts: 1947
  • Location: Serbia

Half of Europe asked me about this :)
What chaos that was :) But in principle it's easy to fix and clean up.
AV definitions came out on the very first day.



  • mire
  • Elite citizen
  • Joined: 18 Apr 2003
  • Posts: 2282
  • Location: Belgrade

well, that doesn't have as much to do with antivirus as with Windows itself. MS needs to release a patch ...

  • Peca
  • Head Administrator
  • Predrag Damnjanović
  • SysAdmin and programmer
  • Joined: 17 Apr 2003
  • Posts: 23209
  • Location: Niš

well, it did; are you so blind that you can't see the link?

  • SVITAC
  • Legendary citizen
  • Joined: 28 Apr 2003
  • Posts: 5919
  • Location: Belgrade

here's what the win update server wrote to me ...

HTTP/1.1 Server Too Busy ... heheheh .. what can you do, people are at work ... -)

  • Puky
  • Scottish rebel
  • Joined: 18 Apr 2003
  • Posts: 5815
  • Location: in the Dragon's nest

I didn't think it would end this catastrophically, a few hours after reading the news about yet another worm. What a disgraaace. Someone has REALLY gone all out sniffing.

  • Peca
  • Head Administrator
  • Predrag Damnjanović
  • SysAdmin and programmer
  • Joined: 17 Apr 2003
  • Posts: 23209
  • Location: Niš

worms do the sniffing, Puky...

  • Peca
  • Head Administrator
  • Predrag Damnjanović
  • SysAdmin and programmer
  • Joined: 17 Apr 2003
  • Posts: 23209
  • Location: Niš

Verat closed port 135 :) verified :)
by the way, it's not only XP that's affected, it's the whole NT tree, from version 4 on

  • Peca
  • Head Administrator
  • Predrag Damnjanović
  • SysAdmin and programmer
  • Joined: 17 Apr 2003
  • Posts: 23209
  • Location: Niš

haha, here's yet another worm, one that also spreads by mail:

-------------
Internet Security Pack

From: "Microsoft" <uaykjxw812474@gixPvfDEsD.com>
To: "Microsoft User" <>
Date: Today 17:21:18


Microsoft User

this is the latest version of security update, the
"August 2003, Cumulative Patch" update which eliminates all
known security vulnerabilities affecting Internet Explorer,
Outlook and Outlook Express as well as five newly discovered
vulnerabilities. Install now to protect your computer from these
vulnerabilities, the most serious of which could allow an attacker to
run executable on your system. This update includes the functionality
of all previously released patches.

System requirements:
Win 9x/Me/2000/NT/XP

This update applies to:
Microsoft Internet Explorer, version 4.01 and later
Microsoft Outlook, version 8.00 and later
Microsoft Outlook Express, version 4.01 and later

Recommendation:
Customers should install the patch at the earliest opportunity.

How to install:
Run attached file. Click Yes on displayed dialog box.

How to use:
You don't need to do anything after installing this item.

Microsoft Technical Support is available at
http://support.microsoft.com/

For security-related information about Microsoft products,
please visit the Microsoft Security Advisor web site at
http://www.microsoft.com/security

Contact us at
http://www.microsoft.com/isapi/goregwiz.asp?target=/contactus/contactus.asp


Please do not reply to this message. It was sent from an unmonitored
e-mail address and we are unable to respond to any replies.

Thank you for using Microsoft products.

With friendly greetings,
Microsoft Internet Security Division
________________________________________
©2003 Microsoft Corporation. All rights reserved. The names of the actual companies
and products mentioned herein may be the trademarks of their respective owners.

Attached file: p400736.exe
-----------------

hackers are exploiting this panic and confusion to the max :)

  • SVITAC
  • Legendary citizen
  • Joined: 28 Apr 2003
  • Posts: 5919
  • Location: Belgrade

what can you do, the little one mutates .. many servers are temporarily being taken offline .. this isn't a hole, this is a black hole at M$ .. it was about time someone 'worked' on that ..
Although I feel sorry for the end users .. but it's a real slap in the face for M$ ...
