Actions for the Blaster Worm
This material was published by Microsoft's Windows Platform News newsletter
and appears in its original form
Recommendation from the Vírus Alerta site...
You can simply protect yourself against attacks by the LovSan
(or Blaster) worm by updating your antivirus and also
updating your Windows NT, 2000 or XP, or you can dig deeper
into the workings of this attack: learn how it happens, which
vulnerability the worm exploits, and more technical details
about the vulnerability discovered at the beginning of August.
This worm is unique (roughly speaking, mind you) in the universe of computer viruses of
recent months, because it is not distributed by e-mail, the channel that has long been
ever-present in the world of viral attacks.
To go deeper into this subject, the VÍRUS ALERTA site
recommends reading the following articles:
· Initial news item on the discovery of the vulnerability, which could be
used to launch a mass attack (of the DoS type):
http://www.superdicas.com.br/noticias/internet.asp?u_action=display&u_log=144
· News item reporting the first attacks using this vulnerability,
not yet global and distributed:
http://www.superdicas.com.br/noticias/internet.asp?u_action=display&u_log=145
· Initial news item on the appearance of the LovSan worm on the Internet:
http://www.superdicas.com.br/va/noticias_virus.asp?u_action=display&u_log=211
· Another news item on the Web about the worm, whose author pokes fun at Billy Gates:
http://www.superdicas.com.br/va/noticias_virus.asp?u_action=display&u_log=212
· For more technical details about LovSan, read the LovSan Technical
Sheet:
http://www.superdicas.com.br/va/lista_virus.asp?nome=lovsan&lista=busca
· If you wish to disable the DCOM service, and thereby be sure that the
worm can no longer attack you, read the article below:
http://www.superdicas.com.br/noticias/internet.asp?u_action=display&u_log=152
· To have on hand a Special Vaccine that removes the LovSan worm, go to the
address:
http://www.superdicas.com.br/vacinas/vacinas.asp
and download STINGER (from McAfee)
Happy reading!
Francisco Panizo
Material originally published by the Bulletin of the
Vírus Alerta site
What Microsoft reported
about Blaster...
For the most recent news about Blaster, it is very important that
you visit the Security page:
http://go.microsoft.com/?linkid=220821. You will also find tips for helping
friends, family, and colleagues.
In This Newsletter:
- Who Is Affected
- Impact of Attack
- Actions to Take
- Technical Details
- Recovery
- Related Knowledge Base
- Related Microsoft Security Bulletins
- Tips for Helping Friends, Family, and Colleagues
At 11:34 A.M. Pacific Time on August 11, Microsoft began investigating a worm
reported by Microsoft Product Support Services (PSS). Several antivirus
companies have responded and written tools to remove the Blaster worm.
Who Is Affected?
Users of the following products are affected:
- Microsoft® Windows NT® 4.0
- Microsoft Windows® 2000
- Microsoft Windows XP
- Microsoft Windows Server™ 2003
The worm was discovered August 11. Customers who had previously applied the
security patch MS03-026 are protected.
To determine if the worm is present on your machine, see the technical details
below.
Actions for Network Administrators
Managers of networked computers should read the Microsoft Product Support
Services (PSS) Security Response Team alert for technical guidance:
http://go.microsoft.com/?linkid=220822
Technical Details:
This worm scans a random IP range to look for vulnerable systems on TCP port
135. The worm attempts to exploit the DCOM RPC vulnerability patched by MS03-026:
http://go.microsoft.com/?linkid=220823
Once the exploit code is sent to a system, it downloads and executes the file
MSBLAST.EXE from a remote system via TFTP. Once run, the worm creates the
registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "windows
auto update" = msblast.exe I just want to say LOVE YOU SAN!! bill
Symptoms of the virus:
Some customers may not notice any symptoms at all. A typical symptom is the
system reboots every few minutes without user input.
Customers may also see:
- Presence of unusual TFTP* files
- Presence of the file msblast.exe in the WINDOWS\SYSTEM32 directory
To detect this virus, search for msblast.exe in the WINDOWS\SYSTEM32 directory
or download the latest antivirus software signature from your antivirus vendor
and scan your machine.
For additional information on recovering from this attack, please contact your
preferred antivirus vendor.
Recovery:
Many antivirus companies have written tools to remove the known exploit
associated with this particular worm. To download the removal tool from your
antivirus vendor, follow the procedures outlined below.
» For Windows XP
1. If your computer reboots repeatedly, please unplug your network cable from
the wall.
2. First, enable Internet Connection Firewall (ICF) in Windows XP:
http://go.microsoft.com/?linkid=220824
--In Control Panel, double-click "Networking and Internet Connections",
and then click "Network Connections".
--Right-click the connection on which you would like to enable ICF, and
then click "Properties".
--On the Advanced tab, click the box to select the option to "Protect my
computer or network".
3. Plug the network cable back into the wall to reconnect your computer to the
Internet.
4. Download the MS03-026 security patch from Microsoft and install it on your
computer:
Windows XP (32 bit)
http://go.microsoft.com/?linkid=220825
Windows XP (64 bit)
http://go.microsoft.com/?linkid=220826
5. Install or update your antivirus signature software and scan your computer.
6. Download and run the worm removal tool from your antivirus vendor.
» For Windows 2000 systems, where Internet Connection Firewall (ICF) is
not available, the following steps will help block the affected ports so that
the system can be patched. These steps are based on a modified excerpt from the
article:
HOW TO: Configure TCP/IP Filtering in Windows 2000.
http://go.microsoft.com/?linkid=220827
1. Configure TCP/IP security on Windows 2000:
--Select "Network and Dial-up Connections" in Control Panel.
--Right-click the interface you use to access the Internet, and then
click "Properties".
--In the "Components checked are used by this connection" box, click
"Internet Protocol (TCP/IP)", and then click "Properties".
--In the Internet Protocol (TCP/IP) Properties dialog box, click "Advanced".
--Click the "Options" tab.
--Click "TCP/IP filtering", and then click "Properties".
--Select the "Enable TCP/IP Filtering (All adapters)" check box.
--There are three columns with the following labels:
TCP Ports
UDP Ports
IP Protocols
--In each column, you must select the "Permit Only" option.
--Click OK.
2. Download the MS03-026 security patch for Windows 2000 from Microsoft and
install it on your computer from:
http://go.microsoft.com/?linkid=220828
3. Install or update your antivirus signature software and scan your computer.
4. Then, download and run the worm removal tool from your antivirus vendor.
For additional details on this worm from antivirus software vendors
participating in the Microsoft Virus Information Alliance (VIA), please visit
the following links:
Network Associates:
http://go.microsoft.com/?linkid=220829
Trend Micro:
http://go.microsoft.com/?linkid=220830
Symantec:
http://go.microsoft.com/?linkid=220831
Computer Associates:
http://go.microsoft.com/?linkid=220832
For more information on Microsoft's Virus Information Alliance, please visit
this link:
http://go.microsoft.com/?linkid=220833
Please contact your antivirus vendor for additional details on this virus.
Prevention:
1. Turn on Internet Connection Firewall (Windows XP or Windows Server 2003)
or use a third-party firewall to block TCP ports 135, 139, 445 and 593; UDP ports
135, 137, 138; also UDP 69 (TFTP) and TCP 4444 for remote command shell. To enable
the Internet Connection Firewall in Windows:
http://go.microsoft.com/?linkid=220834
--In Control Panel, double-click "Networking and Internet Connections",
and then click "Network Connections".
--Right-click the connection on which you would like to enable ICF, and
then click "Properties".
--On the Advanced tab, click the box to select the option to "Protect my
computer or network".
This worm utilizes a previously announced vulnerability as part of its infection
method. Because of this, customers must ensure that their computers are patched
for the vulnerability that is identified in Microsoft Security Bulletin MS03-026.
http://go.microsoft.com/?linkid=220835.
2. Install the patch MS03-026 from the Microsoft Download Center:
Windows NT 4 Server & Workstation
http://go.microsoft.com/?linkid=220836
Windows NT 4 Terminal Server Edition
http://go.microsoft.com/?linkid=220837
Windows 2000
http://go.microsoft.com/?linkid=220838
Windows XP (32 bit)
http://go.microsoft.com/?linkid=220839
Windows XP (64 bit)
http://go.microsoft.com/?linkid=220840
Windows 2003 (32 bit)
http://go.microsoft.com/?linkid=220841
Windows 2003 (64 bit)
http://go.microsoft.com/?linkid=220842
3. As always, please make sure to use the latest antivirus detection from your
antivirus vendor to detect new viruses and their variants.
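The traffic described under Technical Details (scanning on TCP port 135, a TFTP download) and the ports listed under Prevention (UDP 69, TCP 4444) can be correlated in firewall or flow logs to find hosts that are scanning and hosts that were probably infected by them. The following Python is an added example, not part of the Microsoft newsletter; the log record format, the sample addresses, the scan threshold and the assumed connection directions for TCP 4444 and UDP 69 are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample flow records, one per line: "proto src dst dport".
# The record format and all addresses are assumptions made for this example.
SAMPLE_LOG = """\
tcp 10.0.0.5 10.0.1.1 135
tcp 10.0.0.5 10.0.1.2 135
tcp 10.0.0.5 10.0.1.3 135
tcp 10.0.0.5 10.0.1.4 135
tcp 10.0.0.5 10.0.1.5 135
tcp 10.0.0.5 10.0.1.3 4444
udp 10.0.1.3 10.0.0.5 69
tcp 10.0.0.9 10.0.1.1 135
udp 10.0.0.7 10.0.0.8 69
not a flow record
"""

SCAN_THRESHOLD = 5  # assumed: distinct TCP/135 targets before a source counts as scanning


def find_blaster_activity(log_text, threshold=SCAN_THRESHOLD):
    rpc_targets = defaultdict(set)   # source -> hosts it contacted on TCP/135
    shell_peers = defaultdict(set)   # host -> sources that contacted its TCP/4444
    tftp_servers = defaultdict(set)  # host -> servers it contacted on UDP/69
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # skip blank or malformed records
        proto, src, dst, dport = fields[0].lower(), fields[1], fields[2], int(fields[3])
        if (proto, dport) == ("tcp", 135):
            rpc_targets[src].add(dst)
        elif (proto, dport) == ("tcp", 4444):
            shell_peers[dst].add(src)
        elif (proto, dport) == ("udp", 69):
            tftp_servers[src].add(dst)

    scanners = {s for s, dsts in rpc_targets.items() if len(dsts) >= threshold}
    # A probed host is flagged when the same scanner also reached its TCP/4444
    # and the host then contacted that scanner over TFTP (assumed directions).
    infected = {
        host
        for s in scanners
        for host in rpc_targets[s]
        if s in shell_peers.get(host, ()) and s in tftp_servers.get(host, ())
    }
    return {"scanners": sorted(scanners), "likely_infected": sorted(infected)}


if __name__ == "__main__":
    print(find_blaster_activity(SAMPLE_LOG))
```

Hosts reported as likely infected are the ones to check for msblast.exe and the "windows auto update" Run entry described above.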
Related Knowledge Base Articles:
http://go.microsoft.com/?linkid=220843
Related Microsoft Security Bulletins:
http://go.microsoft.com/?linkid=220844
If you have any questions regarding this alert, please contact your Microsoft
representative or 1-866-727-2338 (1-866-PCSafety) within the United States;
outside of the United States please contact your local Microsoft Subsidiary.
Microsoft Communities is your launching pad for communicating online with peers
and experts about Microsoft products, technologies, and services:
http://go.microsoft.com/?linkid=220819
Material originally published by
Microsoft