A new version of the LoveSan Worm is on the loose!

fuuucckkers
Moderator
Moderator
Posts: 815
Joined: Sun Sep 22, 2002 3:33 pm
Contact:


Post by fuuucckkers »

Kaspersky Labs, a leading expert in information security, has identified a new modification of the notorious Lovesan worm (also known as "Blaster").

Kaspersky Labs' experts anticipate that in the short run a repeated outbreak of the global scale may occur. This is because the two versions of "Lovesan" exploit the same vulnerability in Windows and may co-exist on the same computer. "In other words, all computers infected by the original "Lovesan" will soon be attacked by its revamped version," commented Eugene Kaspersky, Head of Anti-Virus Research for Kaspersky Labs, "Taking into consideration that the amount of infected systems is now reaching 300,000 the return of the worm will imply a doubling of this number and lead to unpredictable results." In the worst case scenario the world community might face a global Internet slow-down and regional disruption of access to the World Wide Web: just as it happened in January 2003 due to the "Slammer" worm.

Technologically, the new modification of "Lovesan" is a copycat of the original. Slight changes were made only to the appearance of the worm: a new name of the main worm-carrier file (TEEKIDS.EXE instead of MSBLAST.EXE), a different method of code compression (FSG instead of UPX), and new "copyright" strings in the body of the worm abusing Microsoft and anti-virus developers.

Users of Kaspersky® Anti-Virus can be sure that this new worm will not harm their computers. All Kaspersky Labs products effectively detect both modifications of "Lovesan", without requiring an update.
tone
Fanatic
Fanatic
Posts: 236
Joined: Thu Sep 12, 2002 10:51 am
Location: New Jersey
Contact:

Post by tone »

WOW. The creator(s) of that worm must be proud. :roll:
tone
Walker
Veteran
Veteran
Posts: 346
Joined: Sat Feb 15, 2003 10:04 pm
Contact:

Post by Walker »

If we have patched our computers for the first version of the worm, are we still safe with that patch?
Robpol86
Veteran
Veteran
Posts: 475
Joined: Tue Dec 03, 2002 11:48 pm
Contact:

Post by Robpol86 »

if u patched the RPC DCOM vulnerability with the patch from Microsoft, then ur safe

or get a firewall and block port 135
fuuucckkers
Moderator
Moderator
Posts: 815
Joined: Sun Sep 22, 2002 3:33 pm
Contact:

Post by fuuucckkers »

Or if you're smart..and you disable the service within XP / 2000.. you're safe.

Or if you just block port 135...which is the port it uses to send out DDOS attacks against the WindowsUpdate.com servers.
Plasma2002b
Extreme Groupie
Extreme Groupie
Posts: 976
Joined: Thu Jul 18, 2002 11:36 pm
Location: Riverside, Ca
Contact:

Post by Plasma2002b »

what service is it 'exactly' that ya gotta disable?

its teh infamous life of brian gaut to teh max0r!
fuuucckkers
Moderator
Moderator
Posts: 815
Joined: Sun Sep 22, 2002 3:33 pm
Contact:

Post by fuuucckkers »

RPC - Remote Procedure Call

MS also notes there's another service called Remote Procedure Call (RPC) Locator .. and not to confuse the two.