|
Poslao: 13 Avg 2003 11:31
|
offline
- Peca
- Glavni Administrator
- Predrag Damnjanović
- SysAdmin i programer
- Pridružio: 17 Apr 2003
- Poruke: 23211
- Gde živiš: Niš
|
Pre par dana je otkriven propust u servisu Remote Procedure Call, skraceno RPC, koji je po default-u ukljucen na sledecim Windowsima:
1) NT 4.0
2) NT 4.0 Terminal Services Edition
3) 2000
4) XP
5) Win 2003
Pomocu tog propusta svako moze da vam udje u kompjuter... dakle, cast mi je da vas obavestim da imate backdoor na kompjuteru 
Dok ovo citate, u najvece se prave programcici za ulazak u svaki NT bazirani Windows
Hakeri su se setili odmah, i eto napisali i crva, koji hara internetom, mada, sinoc je izasao jos jedan crv, novi, koji takodje koristi ovu RuPiCu (skraceno RPC)
E sad, da li ste vi ljudi svesni sta je potrebno da biste dobili crva ili da bi vam neko upao u komp?
Jedna stvar:
1) Da sa nekim od pomenutih Windowsa budete malo duze na internetu (recimo pola sata), dok vas crv ne nadje (skeniranjem IP ranga na portu 135)
 
DAMN, eto ispunilo se moje prorocanstvo, MS je konacno uspeo da napravi OS-eve koji su busni samo tako, i da ih navuce na 80% PC-a.
Dobro dosli u slobodnu mrezu - sta danas imate interesantno na disku?
------- Linkovi --------
--Propust--
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp - patch za RPC
http://support.microsoft.com/?kbid=823980 - sve o rupi
http://www.microsoft.com/technet/treeview/default......03-026.asp - ako vam RPC pada
http://securityresponse.symantec.com/avcenter/security/Content/8205.html - isto
---W32.Blaster.Worm---
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html - Više informacija
http://securityresponse.symantec.com/avcenter/FixBlast.exe - Removal tool
---Worm.Win32.Lovesun---
http://us.mcafee.com/root/campaign.asp?cid=8340
p.s. Crvi su u stanju da zaraze lokalnu mrezu za 1h. Ako vam se kompovi resetuju - cestitam!
p.p.s. Vidim da su neki provajderi vec blokirali ovaj port...
|
|
|
|
|
Registruj se da bi učestvovao u diskusiji. Registrovanim korisnicima se NE prikazuju reklame unutar poruka.
|
|
|
Poslao: 13 Avg 2003 11:42
|
offline
- SerbianFighter
- Elitni građanin
- Pridružio: 26 Apr 2003
- Poruke: 1947
- Gde živiš: Srbija
|
Pola evrope me ja za ovo pitalo
Koji je to haos bio Ali u principu da se lako srediti i ocistit.
Izasle su vec prvi dan definicije za av.
|
|
|
|
|
|
|
Poslao: 13 Avg 2003 14:24
|
offline
- mire
- Elitni građanin
- Pridružio: 18 Apr 2003
- Poruke: 2282
- Gde živiš: Beograd
|
pa to nema toliko veze sa antivirusom koliko sa samim windows-om. ms treba da izda patch ...
|
|
|
|
|
|
|
Poslao: 13 Avg 2003 14:28
|
offline
- Peca
- Glavni Administrator
- Predrag Damnjanović
- SysAdmin i programer
- Pridružio: 17 Apr 2003
- Poruke: 23211
- Gde živiš: Niš
|
pa izdao, tol'ko li si corav pa ne vidis link?
|
|
|
|
|
|
|
Poslao: 13 Avg 2003 16:20
|
offline
- SVITAC
- Legendarni građanin
- Pridružio: 28 Apr 2003
- Poruke: 5919
- Gde živiš: Beograd
|
evo sta mi napisa win update server ...
HTTP/1.1 Server Too Busy ... heheheh .. sta ces rade ljudi ... -)
|
|
|
|
|
|
|
Poslao: 13 Avg 2003 17:12
|
offline
- Puky
- Scottish rebel
- Pridružio: 18 Apr 2003
- Poruke: 5815
- Gde živiš: u Zmajevom gnjezdu
|
Nisam ni mislio da ce ovako katastrofalno da se zavrsi posle par sati posle citanja vesti o jos jednom crvu. Brooooka. Neko se BAS dao u akciju snifanja.
|
|
|
|
|
|
|
Poslao: 13 Avg 2003 17:24
|
offline
- Peca
- Glavni Administrator
- Predrag Damnjanović
- SysAdmin i programer
- Pridružio: 17 Apr 2003
- Poruke: 23211
- Gde živiš: Niš
|
crvi snifuju puki...
|
|
|
|
|
|
|
|
|
Poslao: 13 Avg 2003 18:02
|
offline
- Peca
- Glavni Administrator
- Predrag Damnjanović
- SysAdmin i programer
- Pridružio: 17 Apr 2003
- Poruke: 23211
- Gde živiš: Niš
|
haha, evo ga jos jedan crv, koji cepa i na mail :
-------------
Internet Security Pack
From:
"Microsoft" <uaykjxw812474@gixPvfDEsD.com>
To:
"Microsoft User" <>
Date:
Today 17:21:18
Microsoft User
this is the latest version of security update, the
"August 2003, Cumulative Patch" update which eliminates all
known security vulnerabilities affecting Internet Explorer,
Outlook and Outlook Express as well as five newly discovered
vulnerabilities. Install now to protect your computer from these
vulnerabilities, the most serious of which could allow an attacker to
run executable on your system. This update includes the functionality
of all previously released patches.
System requirements:
Win 9x/Me/2000/NT/XP
This update applies to:
Microsoft Internet Explorer, version 4.01 and later
Microsoft Outlook, version 8.00 and later
Microsoft Outlook Express, version 4.01 and later
Recommendation:
Customers should install the patch at the earliest opportunity.
How to install:
Run attached file. Click Yes on displayed dialog box.
How to use:
You don't need to do anything after installing this item.
Microsoft Technical Support is available at
http://support.microsoft.com/
For security-related information about Microsoft products,
please visit the Microsoft Security Advisor web site at
http://www.microsoft.com/security
Contact us at
http://www.microsoft.com/isapi/goregwiz.asp?target=/contactus/contactus.asp
Please do not reply to this message. It was sent from an unmonitored
e-mail address and we are unable to respond to any replies.
Thank you for using Microsoft products.
With friendly greetings,
Microsoft Internet Security Division
________________________________________
©2003 Microsoft Corporation. All rights reserved. The names of the actual companies
and products mentioned herein may be the trademarks of their respective owners.
Attached file: p400736.exe
-----------------
hakari maximalno iskoriscavaju ovu paniku i pometnju
|
|
|
|
|
|
|
Poslao: 13 Avg 2003 18:22
|
offline
- SVITAC
- Legendarni građanin
- Pridružio: 28 Apr 2003
- Poruke: 5919
- Gde živiš: Beograd
|
sta ces mutira mali .. mnogi serveri se privremeno salju u offline .. ovo nije rupa ovo je crna rupa u M$-u .. bilo je vreme da neko 'poradi' na tome ..
Mada mi je zao krajnjih korisnika .. ali je samarcina M$-u ...
|
|
|
|
|
|
