Security Basics mailing list archives

RE: Purging Blaster.worm


From: "Stuart" <secmail () patchsupplier dyndns org>
Date: Fri, 15 Aug 2003 18:50:25 +0100

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ah great, yeah I think it's a good idea too, as with the original
worm the person that made it is unlikely to be tracked so I doubt the
person who makes the "counter-worm" will either. 
However, as you said about M$, I agree with you on that one.

Stu

- -----Original Message-----
From: TheFueley [mailto:TheFueley () satx rr com] 
Sent: 15 August 2003 08:35
To: Duston Sickler; Stuart; security-basics () securityfocus com
Subject: RE: Purging Blaster.worm

There's a user on Astalavista.net saying that he made a "counter-worm"
to nullify this w32.blaster.worm. Says he coded it in VC++. I haven't
seen the code myself, but have seen that others at the site that have,
give it props. Says it can block 4 of the 6 variants...or something
like that. The whole legality discussion went on there too. Personally
I think it's a good idea to try and combat the thing, legal or not.
Who would really sue for trying to block it? Unless M$ created it.
Oh well.
The Fueley

- -----Original Message-----
From: Duston Sickler [mailto:dustons () charter net]
Sent: Wednesday, August 13, 2003 7:53 PM
To: Stuart; security-basics () securityfocus com
Subject: Re: Purging Blaster.worm


You would be stepping on a lot of toes by doing that.  Not to mention
breaking several laws.

This hack patch discussion has been had before.  The area sounds
appealing but when it comes down to who is responsible if the
"Patch Worm" breaks my "whatever" it starts to lose its luster.

Duston Sickler
CompTIA A+ Certified
"Cedo nulli."
- ----- Original Message -----
From: "Stuart" <secmail () patchsupplier dyndns org>
To: <security-basics () securityfocus com>
Sent: Wednesday, August 13, 2003 5:14 PM
Subject: RE: Purging Blaster.worm



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Is it not possible to create another worm or modify this worm to
actually patch the machines? :)
Looking at the Symantec removal tool there is a silent mode.. A few
days back I was on the Microsoft site and I also saw an option for a
non interaction install for the RPC patch but looking through the
site now I cannot find it :(
The "fixing worm" could scan for 2 hours then purge itself?

Just a thought

Stu

- -----Original Message-----
From: Andreas Rothlauf [mailto:security () bitgui de]
Sent: 13 August 2003 21:25
To: security-basics () securityfocus com
Subject: Re: Purging Blaster.worm

Hi,

JG> Has anyone successfully purged the MSBlaster worm. There is a tool
JG> out there that can do it but is it reliable?

Symantec has made a tool available:
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

A friend told me that it works.

greetZ //AndY




-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
-----END PGP SIGNATURE-----



-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
-----END PGP SIGNATURE-----

