Security Basics mailing list archives
Re: Purging Blaster.worm
From: "Meritt James" <meritt_james () bah com>
Date: Fri, 15 Aug 2003 13:26:46 -0400
Anyone who saw your worm on their machine and could identify where it came from. TheFueley wrote:
There's a user on Astalavista.net saying that he made a "counter-worm" to nullify this w32.blaster.worm. says he coded it in VC++. i havent seent the code myself, but have seen that others at the site that have, give it props. Says it can block 4 of the 6 variants...or something like that. the whole legality discussion went on there too. Personally i think its a good idea to try and combat the thing, legal or not. who would really sue for trying to block it? unless M$ created it. oh well The Fueley -----Original Message----- From: Duston Sickler [mailto:dustons () charter net] Sent: Wednesday, August 13, 2003 7:53 PM To: Stuart; security-basics () securityfocus com Subject: Re: Purging Blaster.worm You would be stepping on a lot of toes by doing that. Not to mention breaking several laws. This hack patch discussion has been had before. The area sounds appealing but when it comes down to who is responsible if the "Patch Worm" breaks my "whatever" it starts to loose its luster. Duston Sickler CompTIA A+ Certified "Cedo nulli." ----- Original Message ----- From: "Stuart" <secmail () patchsupplier dyndns org> To: <security-basics () securityfocus com> Sent: Wednesday, August 13, 2003 5:14 PM Subject: RE: Purging Blaster.worm-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Is it not possible to create another worm or modify this worm to actually patch the machines? :) Looking at the Symantec removal tool there is a silent mode.. A few days back I was on the Microsoft site and I also saw an option for a non interaction install for the RPC patch but looking through the site now I cannot find it :( The "fixing worm" could scan for 2 hours then purge itself? Just a thought Stu - -----Original Message----- From: Andreas Rothlauf [mailto:security () bitgui de] Sent: 13 August 2003 21:25 To: security-basics () securityfocus com Subject: Re: Purging Blaster.worm Hi, JG> Has anyone successfully purged the MSBlaster worm. There is a tool out JG> there that can do it but is it reliable? Symantec has made a tool available: http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.to ol.html A friend told me that it works. greetZ //AndY - ---------------------------------------------------------------------- - ----- - ---------------------------------------------------------------------- - ------ -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2 iQIVAwUBPzq4K5MRMj30dWmZAQIOCBAAy73WqYpzZSyjKb530Gefx+cJ3vhV73RN aiFGkEtN+zaGio14/TWNNgFEDpY3DxNtbQF5GPAtw7OBV61qTsg9NOOxAJioyZV/ qftWulRdv9P7AmJ96c50ge9Gb5bVb2u6w0xIgS8pk5ButD5/z5QOOQ4mK0BRboyP Du4EdphbMQNd6DI1cdWnQV6tX++jtMh2BnUwFSIj7WTwXIpUg4/H9PzJ/TZYx5Ro swymEnfAusWUFWCljBG0PwTdNqFwmy4LWaCHJEIH/2MJ8ZdMlvUza6nX79yn12j6 OmavfnW0uUEX5bp3w4qF9C1b/6C7ajRlzBmqX4gG5iY28fGC+BlPAJgwhndbsJaz id9Za7LhaErG5r3gpJiPL+Xv6nv7PCwBM0p+WhX19d1Z3JUIfmbCHekifLydmwm6 bYnG5tK9oH2K3IgzmM9m5oZYOD4sf/gUrqEGI0oK5md393xdfqv/ce/mS+VvShEk 59yuldmgV6pG8Yg5FF+bKI2lf1f35J4iWRknHEa114i3+PveJgSOtMdR71h7Rrnk 8j829JAtN66Z8Ndf14U2mtMmKlIIkoiq6lnc5kvq5tjKjJFTODlR70VPWfT/fu7+ C+MZulc55R2ZBp4cDe0ZriNtv9rEqWykQfc2GgIxTYvYYK1M3/861cnsoPCHudVS 37cjHXHGHds= =eKYz -----END PGP SIGNATURE----- ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
-- James W. Meritt CISSP, CISA Booz | Allen | Hamilton phone: (410) 684-6566 --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: Purging Blaster.worm, (continued)
- Re: Purging Blaster.worm Schneider Sebastian (Aug 13)
- Re: Purging Blaster.worm Todd (Aug 14)
- Re: Purging Blaster.worm Schneider Sebastian (Aug 14)
- RE: Purging Blaster.worm Stuart (Aug 13)
- RE: Purging Blaster.worm Andrew Hecox (Aug 14)
- Re: Purging Blaster.worm Duston Sickler (Aug 14)
- RE: Purging Blaster.worm Stuart (Aug 14)
- Re: Purging Blaster.worm Todd (Aug 14)
- RE: Purging Blaster.worm Alexander Suhovey (Aug 16)
- RE: Purging Blaster.worm TheFueley (Aug 15)
- Re: Purging Blaster.worm Meritt James (Aug 15)
- RE: Purging Blaster.worm Stuart (Aug 16)
- Re: Purging Blaster.worm Schneider Sebastian (Aug 13)
- Re: Purging Blaster.worm Meritt James (Aug 14)
- Re: Purging Blaster.worm Meritt James (Aug 19)
- RE: Purging Blaster.worm David Gillett (Aug 19)
- Ethics Question Mike Taylor (Aug 21)
- Re: Ethics Question Adam Newhard (Aug 21)
- Re: Ethics Question Suzanne Rodday (Aug 21)
- Re: Ethics Question Sebastian Schneider (Aug 22)
- Re: Ethics Question Michael Thornhill (Aug 21)
- Re: Ethics Question Schneider Sebastian (Aug 21)