| Pages: [1] 2 :: one page |
| Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Skel
   |
Posted - 2003.08.12 13:30:00 -
[1]
This was posted on eve-i.com but I dont believe it. I believe the virus was caused by Eve or an in game eve website and they are trying to cover it up
This is not Eve related news but I thought it worthy a mention here because a lot of people seem to be thinking this particular problem is caused by Eve.
Symantec calls it W32.Blaster.Worm - follow the link below to their site for info on it - a removal tool can also be found there.
Microsoft posted an update for this on their site - follow the link below
It is recommended to run Windows Update to download all critical patches and also to update your antivirus definition files ASAP.
edit __kreischweide: Symantec also offers a small removal tool for this virus, follow the link below.
I have a dedicated EVE machine which i do not use to surf the web or download. I only play EVE on it and somehow mysteriously I got a virus which destroyed all applications and forced me to format. Not only that but a number of players in EVE now have the same virus
|
Jarjar
|
Posted - 2003.08.12 13:31:00 -
[2]
No, this is *not* related to EVE.
The worm infected your machine because you're running an unpatched OS without a firewall, which means your port 135 (TCP/UDP) is open to exploit.
|
Skel
|
Posted - 2003.08.12 13:33:00 -
[3]
I was running a firewall though :P
|
Iece Quaan
|
Posted - 2003.08.12 13:37:00 -
[4]
 Quote:
No, this is *not* related to EVE.
The worm infected your machine because you're running an unpatched OS without a firewall, which means your port 135 (TCP/UDP) is open to exploit.
side note: don't know what ports eve uses, but I seriously doubt it's 135. even if it is, you firewall shouldn't accept requests from 135 that aren't from an eve server.
--------
|
pred ator
|
Posted - 2003.08.12 13:37:00 -
[5]
then you didn't have it running at the time, or you allready had a trojan on your pc. or it's not configured right.
read manuals.. it saves lives..  |
nonsequitur
|
Posted - 2003.08.12 13:41:00 -
[6]
even if you were using a firewall, if you were not activly blocking trafic UDP/TCP to the ports that were exploited, it does not matter. You will get attacked. It is not eve related. It is DCOM/RPC related.
|
ROFL
|
Posted - 2003.08.12 13:42:00 -
[7]
Eve uses port 26000. Same as Quake.
|
DREAMWORKS
|
Posted - 2003.08.12 13:44:00 -
[8]
Quote:
This was posted on eve-i.com but I dont believe it. I believe the virus was caused by Eve or an in game eve website and they are trying to cover it up
This is not Eve related news but I thought it worthy a mention here because a lot of people seem to be thinking this particular problem is caused by Eve.
Symantec calls it W32.Blaster.Worm - follow the link below to their site for info on it - a removal tool can also be found there.
Microsoft posted an update for this on their site - follow the link below
It is recommended to run Windows Update to download all critical patches and also to update your antivirus definition files ASAP.
edit __kreischweide: Symantec also offers a small removal tool for this virus, follow the link below.
I have a dedicated EVE machine which i do not use to surf the web or download. I only play EVE on it and somehow mysteriously I got a virus which destroyed all applications and forced me to format. Not only that but a number of players in EVE now have the same virus
Its the new windows virus, and can be spread by ANY unupdated site, computer, server, whatever.
__________________________
http://www.nin.com/visuals/thtf_hi.html |
Skel
|
Posted - 2003.08.12 13:44:00 -
[9]
Ya, your right it must have leaked in somehow elsewhere. God this sucks because even my virus program is getting screwed by it. OH well so much for Eve. I knew this would happen one day but unforunately for me i have no OS disk or any of my drivers, they were all lost in a fire.
|
Judicator
|
Posted - 2003.08.12 13:45:00 -
[10]
EVE Online - The Second Scapegoat.
Nuff said.
"I have tried for months and months to make m0o the most hated, the most despised corp in the galaxy and what happens? A stack of muppets named TTI comes along and just basically urinates on my bonfire."
Stavr0s
|
Jarjar
|
Posted - 2003.08.12 13:53:00 -
[11]
Quote:
Quote:
No, this is *not* related to EVE.
The worm infected your machine because you're running an unpatched OS without a firewall, which means your port 135 (TCP/UDP) is open to exploit.
side note: don't know what ports eve uses, but I seriously doubt it's 135. even if it is, you firewall shouldn't accept requests from 135 that aren't from an eve server.
No, it's a port used by windows, also used by the exploit... Which is why it shouldn't be open.
If you (reading this) have a firewall installed/router/anything, block the ports 135, 137, 138, 139, 445 to start with.
|
plur
|
Posted - 2003.08.12 13:53:00 -
[12]
Windows gave me a virus!!!!!!
Winamp is really a trojan! dont download it!
Dont use SMS phone sites! they will give you a virus and make your phone screen stop working!
Worlds nastiest virus makes your monitor explode!
HAckers LOVE hackjing into 56k dialup users machines and messing up their 1337 computers! and they all have the jovian disease!
CCP carries out experiments on llamas to make EVE!
We all gonna dieeeeeeeeeeeee!
ahem.
so.. hows AOL 8? 
|
Multi
|
Posted - 2003.08.12 13:58:00 -
[13]
aye simple reason for infection is : well this worm does not use the normal methods of transport like most worms(email,downloads,etc) it looks for open filesharing (i think i remberd that port correctly) and infects them files and once thier run it starts looking for more open file shares, not just on local network but outside connection.
filesharing = on most networks thier is a form of filesharing that allows users to remotely connect to files on other peoples pc....
could be totaly wrong about what i just said btw this is what ive just got from clipts around the web and what people have said. ;0
|
Jamella Sykora
|
Posted - 2003.08.12 14:03:00 -
[14]
The exploit you speak of can use *ANY* port.
I have the source code sitting in front of me right now, its rather nasty on Microsoft's part.
If you know what a "shell" is, then this exploit gives you root access on the remote victims pc, through a shell.
To fix this, you must install the windows patches.
Visit http://www.microsoft.com/security/ for more information.
It seems the kiddies have got hold of a variant of this exploit and are randomly sweeping ip addresses and switching computers off. Wee what fun :/
|
Carp Riddell
|
Posted - 2003.08.12 14:05:00 -
[15]
Moral of the story...
1) Keep your OS up to date.
2) Firewalls should ALWAYS be configured by blocking everything then opening only the ports you NEED to use.
3) Virus checkers are effectively worthless against internet worms (they're a sticky plaster, not armour).
- Carp Riddell
- CEO, Innsmouth Shipping
- Proud Member of Curse Alliance
|
plur
|
Posted - 2003.08.12 14:08:00 -
[16]
windows XP, and AFAIK win2k have shared folders on your machine by default. How DUMB is that? its almost as dumb as Outlook express.. that other virus spreads fave tool. oh yeah both by MS...
Only way to turn file sharing off on those folders is via the registry. (My shared pictures, My shared music, My shared old socks etc)
If someone hasnt got a firewall that blocks file sharing then you can access their machine using either the command line, or even internet explorer.
file://127.0.0.1
its that easy. From there you can dig deeper or force your way into other directories.
I set kerio to ask me each time someone tried to access my network shares the other day, and shut off my router. every few minutes i have been getting access requests, this virus is spreading pretty quickly. good jobits not something nastier isnt it? not too disimilar to "code red" in the way it propagates itself.
if you are running that windows XP "firewall" and thinking its worth a crap then... silly you.
KERIO can block all network traffic, or asks you each time someone wants to access, or allow only trusted white listed addresses. its a free firewall with some excellent networking features, try it out if you dont have a hardware firewall. http://www.kerio.com
|
Raven DeBlade
|
Posted - 2003.08.12 14:09:00 -
[17]
it is NOT an worm/trojan/virus that comes from EVE, its even stupid to say so. Read and find FACTS before posting stuff like that.
"To hunt pirates you need time and patience, because even monkeys fall from the trees"
"Any statements made above this line are my persona" |
DeathStar
|
Posted - 2003.08.12 14:19:00 -
[18]
Hey peeps,
This is what i found out about port 135
135 TCP Microsoft RPC
Microsoft Windows Remote Procedure Call default port
135 TCP epmap
DCE endpoint resolution
135 UDP windows-messenger
Windows Messenger service, which allows a remote user to display dialog boxes on a Windows system's screen.
135 UDP epmap
DCE endpoint resolution
Think you need to point ya fingers else where. :)
|
agrizla
|
Posted - 2003.08.12 14:48:00 -
[19]
Quote:
windows XP, and AFAIK win2k have shared folders on your machine by default.
Wrong.
Quote:
Only way to turn file sharing off on those folders is via the registry. (My shared pictures, My shared music, My shared old socks etc)
Wrong.
Quote:
If someone hasnt got a firewall that blocks file sharing then you can access their machine using either the command line, or even internet explorer.
Partly wrong and partly right.
Quote:
file://127.0.0.1
its that easy. From there you can dig deeper or force your way into other directories.
If someone has physical access to a machine then nothing but nothing is going to stop them given that they have a modicum of knowledge.
A little knowledge (in your case) is indeed a dangerous thing.
|
Thano
|
Posted - 2003.08.12 14:51:00 -
[20]
eeeak scary stuff
|
agrizla
|
Posted - 2003.08.12 14:52:00 -
[21]
Quote:
Hey peeps,
This is what i found out about port 135
135 TCP Microsoft RPC
Microsoft Windows Remote Procedure Call default port
<sigh>
And you know what a Remote procedure call is? No. Didn't think so. Here you go :
Remote Procedure Call
A protocol which allows a program running on one host to cause code to be executed on another host without the programmer needing to explicitly code for this.RPC is an easy and popular paradigm for implementing the client-server model of distributed computing. An RPC is initiated by the caller (client) sending request message to a remote system (the server) to execute a certain procedure using arguments supplied.
|
agrizla
|
Posted - 2003.08.12 14:59:00 -
[22]
Oh and anyone who enables any sort of file sharing on the root partition of a machine is clinically insane. It's rule 1 of dealing with Microsoft operating systems. Anyway this is far enough off-topic and there are plenty of good resources on the net to help you secure your machine - and please please please nobody quote (or read) Steve Gibson's self-promoting nonsense 
|
Daesdemona
|
Posted - 2003.08.12 15:00:00 -
[23]
Quote:
This was posted on eve-i.com but I dont believe it. I believe the virus was caused by Eve or an in game eve website and they are trying to cover it up
This is not Eve related news but I thought it worthy a mention here because a lot of people seem to be thinking this particular problem is caused by Eve.
Symantec calls it W32.Blaster.Worm - follow the link below to their site for info on it - a removal tool can also be found there.
Microsoft posted an update for this on their site - follow the link below
It is recommended to run Windows Update to download all critical patches and also to update your antivirus definition files ASAP.
edit __kreischweide: Symantec also offers a small removal tool for this virus, follow the link below.
I have a dedicated EVE machine which i do not use to surf the web or download. I only play EVE on it and somehow mysteriously I got a virus which destroyed all applications and forced me to format. Not only that but a number of players in EVE now have the same virus
Your girlfriend gave you a virus, its called AIDS.
-----------------------------------------------
Bart: "Do you even have a job any more?"
Homer: "I think its obvious that I Don't"
----------------------------------------------- |
Viper Bronco
|
Posted - 2003.08.12 15:04:00 -
[24]
for the last 36 hours severla dsl.verizon.net sites have been bombarding my computor try to ***** every port. I am getting hit every second. my firewall isn't letting them thru.
yes I do have verizon dsl. out of washington. these are from florida nd californa and some other verizon sites.
I also talked to a repersentive way way back when I first signed up with them and they told me not drop my firewall even for them. they said that the permissions to firewall would be for certain ports only and those wouldn't change.
seems to me that verizon .dsl.net may have a virus of thier own.
if you have firewall in place which hopefully you al do. check your alert logs and see who is trying to get in.
|
scam artist
|
Posted - 2003.08.12 16:27:00 -
[25]
The firewall has blocked Internet access to your computer (TCP Port 135) from 81.84.90.167 (TCP Port 2106) [TCP Flags: S].
Time: 12/08/2003 17:23:20
The firewall has blocked Internet access to your computer (TCP Port 135) from 172.141.51.246 (TCP Port 2071) [TCP Flags: S].
Time: 12/08/2003 17:24:08
The firewall has blocked Internet access to your computer (TCP Port 135) from 81.84.137.154 (TCP Port 3914) [TCP Flags: S].
Time: 12/08/2003 17:24:48
The firewall has blocked Internet access to your computer (NetBIOS Name) from 211.52.248.123 (UDP Port 48644).
Time: 12/08/2003 17:25:22
The firewall has blocked Internet access to your computer (TCP Port 135) from 212.195.255.96 (TCP Port 4338) [TCP Flags: S].
Time: 12/08/2003 17:26:02
................
these boards need a search engine |
Thano
|
Posted - 2003.08.12 16:33:00 -
[26]
Edited by: Thano on 12/08/2003 16:33:30
why do people do this kinda stuff seriously?? i mean what kinda gain would you posibly get by infecting peoples machines with such a bug? luckaly i havnt gotten this sucker.. i have a roughter and personal firewall up hopefully that will be enouph to keep my machine clean
|
agrizla
|
Posted - 2003.08.12 16:37:00 -
[27]
For the people who actually discover the vulnerability it's one of three things :
a) an intellectual challenge;
b) part of their job to find these things;
c) an attempt to compromise a machine which will lead to personal gain.
For all the script kiddies who go on to actually exploit the vulnerability (which by the way was fixed by MS a month ago - so anyone with the problem has only themselves to blame) - it's because they're tossers. There's a lot of them about on the internet
|
Doc Brown
|
Posted - 2003.08.12 16:39:00 -
[28]
Edited by: Doc Brown on 12/08/2003 16:42:08
The virus will infect any Windows NT, 2000 and XP machine that does not have the proper patch applied.
Microsoft has some patches for Windows that, if applied, will prevent infection:
- Windows NT: Windows NT Patch
- Windows 2000: Windows 2000 Patch
- Windows XP: Windows XP
(For the technically minded, the security bulletin is located at Microsoft Tech Bulliten MS03-026 )
Also, Symantec has put out a tool for cleaning machines from this virus. The removal tool is located at http://securityresponse.symantec.com/avcenter/FixBlast.exe. To use the tool, all you need to do is download the FixBlast.exe file and double click on to run it. Documentation about the tool is located at
Documentation about the FixBlast tool
Finally, Symantic has some information about the worm/virus
_________________________________________________
There are no bad ideas, only bad implementations. |
Marcus Grisbius
|
Posted - 2003.08.12 16:39:00 -
[29]
I'm just curious, what does this virus/worm do? I've heard a lot about the virus but not anything as to how I can tell if I have the virus. I haven't had anything really bad happen but I don't know what to look for.
Certainty of death... little chance of success... what are we waiting for? - Gimli, son of Gloinn |
Bad Harlequin
|
Posted - 2003.08.12 17:00:00 -
[30]
patch your ^*$@?!!
patch your ^%(@?!!
patch your ^$*(@?!!
windowsupdate.com is your friend
it freakin' does everything for you
how lazy do you have to be to not even do THAT much???!@
the worm is only a symptom, and the first
the underlying exploited hole MUST BE PATCHED
i've said it before, and i'll say it again:
You are in a maze of twisty little asteroids, all alike. |
| |
|
| Pages: [1] 2 :: one page |
| First page | Previous page | Next page | Last page |