Be Careful with a new worm spreading around

5 replies to this topic

#1
allen2

    Not really Newbie

  • Member
  • 1,812 posts
  • Joined 13-January 06
I wasn't infected, nor have I seen any case of infection yet, but everyone should be extra careful as this new worm could spread using a hole in RDP.
Here is the thread at MS Technet.
Description of this worm is there.
At this time most antivirus software doesn't even detect it (so automatic removal isn't an option).



#2
Tripredacus

    K-Mart-ian Legend

  • Super Moderator
  • 9,817 posts
  • Joined 28-April 06
  • OS:Server 2012

Donator

Would it be wise to block RDP ports on systems that aren't configured to use it, at least until a common fix is available for this worm?

#3
allen2

    Not really Newbie

  • Member
  • 1,812 posts
  • Joined 13-January 06
Yes, it would be very wise to filter at least from source IPs and block when not needed.
Although MS says it uses a dictionary attack on weak passwords, it seems it was able to spread on other systems as well.
It seems almost every year (or so) a really bad worm spreads in August (the only exception is Conficker).

#4
Tripredacus

    K-Mart-ian Legend

  • Super Moderator
  • 9,817 posts
  • Joined 28-April 06
  • OS:Server 2012

Donator

I was reading about this on Sophos, but they seem to be saying there is more talk about this than actual reported infections. Although that may be related to most scanners' inability to detect it.

#5
allen2

    Not really Newbie

  • Member
  • 1,812 posts
  • Joined 13-January 06
Yes, that might be true, but anyway, being aware of such suspicious behavior might help avoid hours of diagnostics.

#6
ricktendo

    Group: Banned Members

  • Member
  • 2,307 posts
  • Joined 06-June 06
  • OS:Windows 7 x64
I have a friend who got this recently

Edited by ricktendo64, 01 September 2011 - 05:43 PM.




