Aug 14, 2003, 02:13 AM
|
#1
|
|
DriverHeaven Extreme Member
Join Date: Jun 2002
Posts: 12,942
Rep Power: 0
|
FBI Looks For Source Of Internet Infection
The FBI yesterday joined the hunt for the source of an Internet worm that was estimated to have infected more than 250,000 computers this week.
As users patched the holes that made their computers vulnerable, it became clear that electronic attacks target both the humble and the mighty. Home users were believed to be most affected, but on Tuesday the "Blaster" worm reached into a dozen computers in the U.S. Senate and caused the Federal Reserve Bank of Atlanta to shut down most of its computer system. The worm interrupted work for two days at CBS in New York.
Nearly half the 250,000 infected computers are in the United States, said Alfred Huger, senior director of engineering at Symantec Corp., a security software company.
Huger said the number of new infections has dropped nearly 50 percent since the worm's peak Tuesday morning, but that new, more invasive versions of the worm will probably emerge.
"It's very likely that in short order we'll see revisions of the worm that are faster, more efficient and more destructive," Huger said. Internet security experts already have detected at least two new versions of the worm, but the changes are minor.
The FBI's cyber division is trying to identify the source and author of the worm, said spokesman Bill Murray. Officials from the Department of Homeland Security are participating in the inquiry. Murray declined to say whether the FBI had any leads.
|
|
|
Aug 14, 2003, 06:56 AM
|
#2
|
|
watching 1080i
Join Date: Nov 2002
Location: April 13th 2029
Posts: 19,435
Rep Power: 75
|
Why don't these people just update their computers w/ the critical updates? Sheesh-
|
|
|
Aug 14, 2003, 07:07 AM
|
#3
|
|
Live from the Dungeon
Join Date: May 2003
Location: Between the SubWoofers
Posts: 1,395
Rep Power: 0
|
Updated and get a firewall...... Our network here at work got hit by it very minimal... and that was because some of the people with laptops brought it in on their laptops (connected to the internet at home and then logged into our network)...... Didn't stop us here. We sniffed out the 7 laptops and pulled them off the network. Pulled that bad boy blaster.exe off of them and all is good......
|
|
|
Aug 14, 2003, 08:15 AM
|
#4
|
|
It Never.....
Join Date: Nov 2002
Location: Kentucky
Posts: 3,174
Rep Power: 0
|
Quote:
Originally posted by BWX232
Why don't these people just update their computers w/ the critical updates? Sheesh-
|
You do realize some people got it even though they were up to date. You're not always safe.
|
|
|
Aug 14, 2003, 08:16 AM
|
#5
|
|
DriverHeaven Granddaddy
Join Date: May 2002
Location: Georgia, USA
Posts: 12,343
|
Quote:
Originally posted by BWX232
Why don't these people just update their computers w/ the critical updates? Sheesh-
|
I did....and still got hit.
|
|
|
Aug 14, 2003, 08:25 AM
|
#6
|
|
watching 1080i
Join Date: Nov 2002
Location: April 13th 2029
Posts: 19,435
Rep Power: 75
|
Were you guys who got it and were patched on home lans?
Did you have all your unneeded services turned off?
Did you have firewalls and AV programs running?
Just wondering what the common factors are in getting the attack when you are on an updated system.
|
|
|
Aug 14, 2003, 08:50 AM
|
#7
|
|
DriverHeaven Granddaddy
Join Date: May 2002
Location: Georgia, USA
Posts: 12,343
|
Yes,
Home LAN, Patched - I'm very serious about keeping things up to date via Windows Update, VS Updated, Behind a Router, Connected by Comcast Cable.
I had also turned off Services via the Tweak Guide provided elsewhere....in order for games to play better.
It would be interesting to see how many other Comcast customers were affected.
Here's what's interesting: Right after reformatting the HD and getting XP back up and running, the very first thing I had to deal with was MSBlaster again. That was before I could even connect to Windows Update and get any of the patches or updates. So, I'm thinking that it somehow survived the reformatting.
|
|
|
Aug 14, 2003, 09:15 AM
|
#8
|
|
Live from the Dungeon
Join Date: May 2003
Location: Between the SubWoofers
Posts: 1,395
Rep Power: 0
|
When you formatted did you do a full format or a quick??
|
|
|
Aug 14, 2003, 10:47 AM
|
#9
|
|
DriverHeaven Granddaddy
Join Date: May 2002
Location: Georgia, USA
Posts: 12,343
|
Quote:
Originally posted by krazy1
When you formatted did you do a full format or a quick??
|
It most likely was the 'quick' one as that's what the Seagate CD did. So, yes, it likely left remnants on the HD.
So far, after all of this, things seem to be normal.....if there is such a state.
|
|
|
Aug 14, 2003, 10:55 AM
|
#10
|
|
DriverHeaven Senior Member
Join Date: Jan 2003
Location: Scotland
Posts: 1,325
Rep Power: 39

|
Re: FBI Looks For Source Of Internet Infection
Quote:
Originally posted by Dom
The FBI's cyber division is trying to identify the source and author of the worm, said spokesman Bill Murray.
|
Bill Murray works for the FBI??? What next Arnie running for State Governor????? 
|
|
|
Aug 14, 2003, 11:30 AM
|
#11
|
|
DriverHeaven Addict
Join Date: Mar 2003
Location: Texas
Posts: 274
Rep Power: 0
|
I was fortunate and was not infected, but for anyone that was, or may be in the future with new revisions of this worm, you may want to download the newest version of adaware 6.0 that has a new reference file and remedial solutions to this latest virus.
Last edited by Silverfox; Aug 14, 2003 at 12:07 PM.
|
|
|
Aug 14, 2003, 12:07 PM
|
#12
|
|
DriverHeaven Junior Member
Join Date: Oct 2002
Posts: 51
Rep Power: 0
|
Windows Updates don't mean crap.
It was because of an error in a previous Windows update that this virus infected everyone.
That's what I read several places.
|
|
|
Aug 14, 2003, 01:28 PM
|
#13
|
|
watching 1080i
Join Date: Nov 2002
Location: April 13th 2029
Posts: 19,435
Rep Power: 75
|
Quote:
Originally posted by amdking
Windows Updates don't mean crap.
It was because of an error in a previous Windows update that this virus infected everyone.
That's what I read several places.
|
I beg to differ- I was updated and it didn't touch me- My firewall wasn't on either, and neither was auto protect or script blocking- So what protected me- and why did everyone I know get it? And the only difference was that I was fully updated and they weren't. Hmmm 
|
|
|
Aug 14, 2003, 01:42 PM
|
#14
|
|
Live from the Dungeon
Join Date: May 2003
Location: Between the SubWoofers
Posts: 1,395
Rep Power: 0
|
I for one can say my firewall kept my a$$ safe.... as for my firewall.... it is getting a good workout but it is holding strong and true. Out of all the reading I have been doing there are 2 things you need to have on your system to be safe. One is the patch and the other is DirectX 9b. We found that out here at work doing some research. Yea I know you are probably saying "DirectX 9b??" Yep it patches one of the system holes this thing plows through. I find it funny a lot of sites have not mentioned this but one of our security people found a thing on it. Having these 2 patches DOES NOT mean you will not get infected in the next wave!! Get a firewall up! Even Dial-up people are vulnerable to this. Here are the ports they now recommend keeping closed:
69/UDP
135/TCP
135/UDP
139/TCP
139/UDP
445/TCP
445/UDP
4444/TCP
One of the new variants is now called "teekids.exe" and there are several more expected to be hitting soon.
As for those of you on ComCast, here is something for you....
"In addition to causing major headaches for users and IT staffs, Blaster is also being blamed for some service problems on Comcast Corp.'s cable modem network. Several Comcast customers said their service had been down for extended periods during the last couple of days and that Comcast officials said Blaster was to blame."
Get those systems patched and for your sanity, get a firewall up!!!
|
|
|
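An added example, not part of the original thread: a Python check that compares a machine's `netstat -an` output with the port list in post #14 and reports which of those ports are open to the network. The sample output, its addresses and the function name are constructed for illustration.

```python
import re

# Port/protocol pairs listed in post #14.
WATCHED = {
    (69, "UDP"), (135, "TCP"), (135, "UDP"), (139, "TCP"),
    (139, "UDP"), (445, "TCP"), (445, "UDP"), (4444, "TCP"),
}

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      192.0.2.10:135         ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.1.10:137       *:*
"""

# proto, local address, local port, foreign address, optional TCP state
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")


def exposed_ports(netstat_text):
    """Return sorted (port, proto, local_addr) for watched ports open to the network."""
    findings = set()
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, blank lines
        proto, addr, port, state = m.groups()
        if (int(port), proto) not in WATCHED:
            continue
        # Only a LISTENING TCP socket accepts new inbound connections;
        # UDP rows have no state column, a bound socket is enough.
        if proto == "TCP" and state != "LISTENING":
            continue
        # A loopback-only bind cannot be reached from another machine.
        if addr.startswith("127."):
            continue
        findings.add((int(port), proto, addr))
    return sorted(findings)


if __name__ == "__main__":
    for port, proto, addr in exposed_ports(SAMPLE_NETSTAT):
        print(f"{port}/{proto} open on {addr}: close the service or block it at the firewall")
```
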
Aug 14, 2003, 01:54 PM
|
#15
|
|
watching 1080i
Join Date: Nov 2002
Location: April 13th 2029
Posts: 19,435
Rep Power: 75
|
Quote:
Originally posted by krazy1
I for one can say my firewall kept my a$$ safe.... as for my firewall.... it is getting a good workout but it is holding strong and true. Out of all the reading I have been doing there are 2 things you need to have on your system to be safe. One is the patch and the other is DirectX 9b. We found that out here at work doing some research. Yea I know you are probably saying "DirectX 9b??" Yep it patches one of the system holes this thing plows through. I find it funny a lot of sites have not mentioned this but one of our security people found a thing on it. Having these 2 patches DOES NOT mean you will not get infected in the next wave!! Get a firewall up! Even Dial-up people are vulnerable to this. Here are the ports they now recommend keeping closed:
69/UDP
135/TCP
135/UDP
139/TCP
139/UDP
445/TCP
445/UDP
4444/TCP
One of the new variants is now called "teekids.exe" and there are several more expected to be hitting soon.
As for those of you on ComCast, here is something for you....
"In addition to causing major headaches for users and IT staffs, Blaster is also being blamed for some service problems on Comcast Corp.'s cable modem network. Several Comcast customers said their service had been down for extended periods during the last couple of days and that Comcast officials said Blaster was to blame."
Get those systems patched and for your sanity, get a firewall up!!!
|
I saw that too- that dx9.0b was partially for a security risk, kind of crazy-
Hey, how do you shut ports w/o a firewall? I know some can be shut by turning off certain unneeded services, but what about other ones- Is it possible to do w/o a firewall? And- I know netbios leaves a port open you can easily shut by going to advanced tcp/ip settings, wins tab, netbios settings, click disable netbios over tcp/ip.
|
|
|
Aug 14, 2003, 01:57 PM
|
#16
|
|
DriverHeaven Addict
Join Date: Mar 2003
Location: Texas
Posts: 274
Rep Power: 0
|
I also had recently updated the latest windows update security patch and that may have been the reason I was not infected. Also I am an AOL member, and to my understanding, correct me if I'm wrong, AOL has a built in firewall in their server, that users cannot disable even if they wanted to. That also may have helped my rig from being infected. The main thing is to try and help the unfortunate folks that were infected and suggest program solutions, that may help curb future revisions of this type worm, which we all know will always exist!
|
|
|
Aug 14, 2003, 01:57 PM
|
#17
|
|
Live from the Dungeon
Join Date: May 2003
Location: Between the SubWoofers
Posts: 1,395
Rep Power: 0
|
Really the only way to shut all the ports from the outside world is a firewall..... You are right by shutting down some services.... best way to be safe is get a firewall.....
|
|
|
Aug 14, 2003, 02:01 PM
|
#18
|
|
watching 1080i
Join Date: Nov 2002
Location: April 13th 2029
Posts: 19,435
Rep Power: 75
|
Oh, another thing of interest-
I just got done fixing my mom's PC over the phone, walking her through it- (she didn't have the latest updates)
THESE are the things I had to fix on her PC- She got THREE of them before it was all said and done.
these are:
The Blaster one,
W32.Randex.E, and
W32.Spybot.worm.
After I got the machine all updated, ran Norton a few times, and followed removal directions, all is well. NO firewall on that machine at the time either-
|
|
|
Aug 14, 2003, 02:04 PM
|
#19
|
|
watching 1080i
Join Date: Nov 2002
Location: April 13th 2029
Posts: 19,435
Rep Power: 75
|
Quote:
Originally posted by krazy1
Really the only way to shut all the ports from the outside world is a firewall..... You are right by shutting down some services.... best way to be safe is get a firewall.....
|
I think I'm just going to buy a NAT router- I hate software firewalls.
|
|
|
Aug 14, 2003, 02:05 PM
|
#20
|
|
DriverHeaven Newbie
Join Date: Nov 2002
Posts: 14
Rep Power: 0
|
Quote:
Originally posted by Dyre Straits
Here's what's interesting: Right after reformatting the HD and getting XP back up and running, the very first thing I had to deal with was MSBlaster again. That was before I could even connect to Windows Update and get any of the patches or updates. So, I'm thinking that it somehow survived the reformatting.
|
dude, that's the point of mblaster. all it has to do is send some shiet to a certain unprotected port and you get the virus. It didn't survive the formatting, you just got infected the second your internet was connected after doing a fresh install.
I know I got it right after a fresh install and I had never had it before. It's because I hadn't had time to update..
It's going to be like this until we get a new OS. You'll get hit with the virus or a clone of the virus the instant you do a fresh install of windows and are on the internet. Until you download the patch
|
|
|
Aug 14, 2003, 02:11 PM
|
#21
|
|
watching 1080i
Join Date: Nov 2002
Location: April 13th 2029
Posts: 19,435
Rep Power: 75
|
Quote:
Originally posted by ErrorS
dude, that's the point of mblaster. all it has to do is send some shiet to a certain unprotected port and you get the virus. It didn't survive the formatting, you just got infected the second your internet was connected after doing a fresh install.
I know I got it right after a fresh install and I had never had it before. It's because I hadn't had time to update..
It's going to be like this until we get a new OS. You'll get hit with the virus or a clone of the virus the instant you do a fresh install of windows and are on the internet. Until you download the patch
|
I fixed it without reinstalling on my mom's machine by downloading the patch and sending it to her. Disconnecting her from internet- Updating machine with file I sent her. Followed fix directions, ran scan again. Connect to internet- then go get rest of updates--
I mean sheesh- you expect to fix it while connected to internet w/o a patch? Nope- not gonna work. No need to reinstall OS if you fix the worm. I had to fix THREE at the same time w/o touching the computer, and it worked.
|
|
|
Aug 14, 2003, 02:12 PM
|
#22
|
|
Live from the Dungeon
Join Date: May 2003
Location: Between the SubWoofers
Posts: 1,395
Rep Power: 0
|
Quote:
Originally posted by BWX232
I think I'm just going to buy a NAT router- I hate software firewalls.
|
Yea the NAT are much easier to manage...... I had a Linksys up till about 2 weeks ago... I just went to Astaro Security Linux for my current one....
|
|
|
Aug 14, 2003, 02:16 PM
|
#23
|
|
watching 1080i
Join Date: Nov 2002
Location: April 13th 2029
Posts: 19,435
Rep Power: 75
|
Quote:
Originally posted by krazy1
Yea the NAT are much easier to manage...... I had a Linksys up till about 2 weeks ago... I just went to Astaro Security Linux for my current one....
|
They don't take anything away from network performance either do they? D/L speed and Ping-- I heard that is the way to go. OR I heard you can set up an old pc w/ 2 network cards in it to act as a really good NAT router/ Firewall- No need for a monitor or mouse after set up either- I might do that too. It would work better than nothing, that's for sure- and it would probably have caught this kind of thing too.
|
|
|
Aug 14, 2003, 02:19 PM
|
#24
|
|
Live from the Dungeon
Join Date: May 2003
Location: Between the SubWoofers
Posts: 1,395
Rep Power: 0
|
Quote:
Originally posted by BWX232
They don't take anything away from network performance either do they? D/L speed and Ping-- I heard that is the way to go. OR I heard you can set up an old pc w/ 2 network cards in it to act as a really good NAT router/ Firewall- No need for a monitor or mouse after set up either- I might do that too. It would work better than nothing, that's for sure- and it would probably have caught this kind of thing too.
|
No, boxes like Linksys take nothing away and your second part with using an old PC for a firewall... that is EXACTLY what I am doing with Astaro Security Linux.... Let's just say ASL is 10x the firewall that Linksys or any other NAT is..... It is more firewall than most average home users need.... then again my network is nowhere near average.....heheheheh
|
|
| |