A very nasty worm has been going around, causing system reboots.
Blatantly copied from www.sophos.com:
W32/Blaster-A is a worm that uses the internet to exploit the DCOM vulnerability in the RPC (Remote Procedure Call) service. The DCOM vulnerability was first reported by Microsoft in mid-July. This worm does not use email to spread.
Targeted computers include the following Microsoft operating systems:
Windows NT 4.0
Windows NT 4.0 Terminal Services Edition
Windows XP
Windows Server 2003
(On Windows XP the exploit can accidentally cause the remote RPC service to terminate. This causes the Windows XP machine to reboot).
Windows 95/98/Me computers, which don't run an RPC service or have a TFTP client (default setting), are not at risk.
On finding a vulnerable computer system, the worm causes the remote machine to acquire a copy of the worm using TFTP, which is saved as msblast.exe in the Windows system folder.
Microsoft issued a patch for the vulnerability exploited by this worm on July 16, 2003. The patch is available from www.microsoft.com/technet...3-026.asp.
From 16 August 2003, one month after the security patch was posted, the worm is programmed to launch a distributed denial-of-service attack on windowsupdate.com, which may severely impact access to the website Microsoft uses to distribute security patches.
Additionally the worm creates the following registry entry so as to run on system start:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\windows auto update
The worm contains the following text, which does not get displayed:
I just want to say LOVE YOU SAN!! billy gates why do you make this possible ? Stop making money and fix your software!!
Grab the patch from:
http://www.microsoft.com/technet/security/...in/MS03-026.asp
or, if you'd prefer a 3rd party download location:
http://wcts.whitman.edu/ms03-026.html
Sorry if this is spammish, but I figured some of ya might find use in this.
Blatantly copied from www.sophos.com:
W32/Blaster-A is a worm that uses the internet to exploit the DCOM vulnerability in the RPC (Remote Procedure Call) service. The DCOM vulnerability was first reported by Microsoft in mid-July. This worm does not use email to spread.
Targeted computers include the following Microsoft operating systems:
Windows NT 4.0
Windows NT 4.0 Terminal Services Edition
Windows XP
Windows Server 2003
(On Windows XP the exploit can accidentally cause the remote RPC service to terminate. This causes the Windows XP machine to reboot).
Windows 95/98/Me computers, which don't run an RPC service or have a TFTP client (default setting), are not at risk.
On finding a vulnerable computer system, the worm causes the remote machine to acquire a copy of the worm using TFTP, which is saved as msblast.exe in the Windows system folder.
Microsoft issued a patch for the vulnerability exploited by this worm on July 16, 2003. The patch is available from www.microsoft.com/technet...3-026.asp.
From 16 August 2003, one month after the security patch was posted, the worm is programmed to launch a distributed denial-of-service attack on windowsupdate.com, which may severely impact access to the website Microsoft uses to distribute security patches.
Additionally the worm creates the following registry entry so as to run on system start:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\windows auto update
The worm contains the following text, which does not get displayed:
I just want to say LOVE YOU SAN!! billy gates why do you make this possible ? Stop making money and fix your software!!
Grab the patch from:
http://www.microsoft.com/technet/security/...in/MS03-026.asp
or, if you'd prefer a 3rd party download location:
http://wcts.whitman.edu/ms03-026.html
Sorry if this is spammish, but I figured some of ya might find use in this.