Windows DCOM/RPC Remote Exploitation
Last week I mentioned that significant holes have been found in all versions of windows and recommend some ways you can protect yourself from having them exploited.
There are now lots of signs of that the Windows DCOM/RPC Remote hole is already being widely exploited, probably by a super worm named RedBull. This worm is rumored to be nearing the end of its beta testing and could be fully released soon. I personally, haven't seen this worm's code yet, but from its discussion on a few mail lists it looks like it will be one bad mother f*cker. It could even make CodeRed and Nimda look like child's play.
In addition to following my previous recommendations you can help make sure you're not outrightly vulnerable to this worm by making sure your computer's port # 135 is secure. Check it now by clicking here. This link will instantly and easily test anyone's Internet-connected PC. "Open" is BAD, "Closed" or "Stealth" is safe.
Keep in mind, even if this port is Closed or Stealth you are still vulnerable to attack through email attachments. If you double click on one that exploits the Windows DCOM/RPC Remote hole, every system on the network could be infected within seconds! So as usual, you need to be very careful with email attachments.
Its being suggested that the worm might be attempting ports 135 through 139, and 445 through 593. To check all these ports click here to test 135. Then scroll down and click on the "All Service Ports" button.
Posted in Computing & Tech News
by usrbingeek at 2003-08-07 15:50 ET (GMT-5) | 0 Comments | Permalink