Latest news
ISS X-Force - "MS Blast" MSRPC DCOM Worm Propagation
ISS X-Force has captured active samples of an automated Internet worm that propagates via the MS RPC DCOM vulnerability documented in ISS X-Force Alert titled "Flaw in Microsoft Windows RPC Implementation". MS Blast is currently propagating aggressively across the Internet.
eEye - 'Blaster' Worm Description and Technical Details
The Blaster worm uses a series of components to successfully infect a host. The first component is a publicly available RPC DCOM exploit that binds a system level shell to port 4444. This exploit is used to initiate a command channel between the infecting agent and the vulnerable target. Once the target is successfully compromised, the worm transmits the msblast.exe executable (the main body of the worm) via TFTP to infect the host. The payload used in the public DCOM exploit, as well as the TFTP functionality, are both encapsulated within msblast.exe.
Cisco Systems - W32.BLASTER Worm Mitigation Recommendations
Cisco customers are currently experiencing attacks due to a new worm that is active on the Internet. The signature of this worm appears as UDP traffic to port 69 and high volumes of TCP traffic to port 135 and 4444. Affected customers have been experiencing high volumes of traffic from both internal and external systems. Symptoms on Cisco devices include, but are not limited to high CPU and traffic drops on the input interfaces. This document focuses on both mitigation techniques and affected Cisco products which need software supplied by Cisco to patch properly.
DNS Commentary - Blaster Only Set to Stun
Once again, it appears that the worm authors had caught system administrators with their trousers down. Despite the availability of a patch since mid-July to fix the vulnerability exploited by W32.Blaster, the widespread infection of both business and home computers showed that in the vast majority of cases, it had not been applied. Such was the infection rate that, at its pinnacle, the worm was taking only 30 seconds to find an uninfected computer somewhere in the world.
Virus vendors on the MS SQL worm
Spotlight
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Is Microsoft is reading your Skype communications?
Posted on 15 May 2013. | The question of whether Skype allows U.S. intelligence and law enforcement agencies to access the communications exchanged by its users has still not been adequately answered by Microsoft.
Internet Explorer best at blocking malware
Posted on 14 May 2013. | While Chrome’s malware download protection improved significantly, Internet Explorer 10 continues to outperform the other browsers with a block rate of 99.96%.
Researcher refuses to help Saudi telco to spy on people
Posted on 14 May 2013. | You would think that a Saudi Arabian telecom firm interested in monitoring its users' mobile communications would not be asking a well-known pro-privacy researcher for help, but you would be wrong.
Malicious browser extensions are hijacking Facebook accounts
Posted on 13 May 2013. | Facebook users - especially those in Brazil - are being targeted with malicious browser extensions trying to hijack Facebook profiles, warns Microsoft.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
