

August 07, 2003

Windows DCOM/RPC Remote Exploitation

Last week I mentioned that significant holes have been found in all versions of Windows and recommended some ways you can protect yourself from having them exploited.

There are now lots of signs that the Windows DCOM/RPC Remote hole is already being widely exploited, probably by a super worm named RedBull. This worm is rumored to be nearing the end of its beta testing and could be fully released soon. I personally haven't seen this worm's code yet, but from its discussion on a few mail lists it looks like it will be one bad mother f*cker. It could even make CodeRed and Nimda look like child's play.

In addition to following my previous recommendations, you can help make sure you're not outright vulnerable to this worm by making sure your computer's port 135 is secure. Check it now by clicking here. This link will instantly and easily test anyone's Internet-connected PC. "Open" is BAD; "Closed" or "Stealth" is safe.

Keep in mind, even if this port is Closed or Stealth, you are still vulnerable to attack through email attachments. If you double-click on one that exploits the Windows DCOM/RPC Remote hole, every system on the network could be infected within seconds! So as usual, you need to be very careful with email attachments.

Update:
It's being suggested that the worm might be attempting ports 135 through 139, and 445 through 593. To check all these ports, click here to test 135, then scroll down and click on the "All Service Ports" button.
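
A local complement to the remote port test described above, as an added example that is not part of the original post: it parses Windows `netstat -an` output and lists sockets listening on the port ranges the post names, marking each as loopback-only or bound to a network-reachable address. The sample output and the function names are constructed for illustration; a firewall in front of the host can still make a "network" listener show as Closed or Stealth from outside.

```python
import ipaddress

# Port ranges named in the post: 135 through 139, and 445 through 593.
WATCHED = (range(135, 140), range(445, 594))

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:593          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     203.0.113.5:135        ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:5353           *:*
"""

def split_endpoint(endpoint):
    """Split '0.0.0.0:135' or '[::]:135' into (address, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def exposed_listeners(netstat_text):
    """Return sorted (proto, address, port, scope) for watched listening sockets."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        # TCP rows carry a state column; UDP rows are bound sockets with no state.
        if fields[0] == "TCP" and fields[-1] != "LISTENING":
            continue
        try:
            addr, port = split_endpoint(fields[1])
            ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
        except ValueError:
            continue  # wildcard or malformed local address
        if not any(port in r for r in WATCHED):
            continue
        scope = "local-only" if ip.is_loopback else "network"
        found.add((fields[0], addr, port, scope))
    return sorted(found)

if __name__ == "__main__":
    for proto, addr, port, scope in exposed_listeners(SAMPLE):
        print(f"{proto:4} {addr}:{port:<6} {scope}")
```

On a real machine, feed the function the text produced by running `netstat -an` in a command prompt instead of `SAMPLE`.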

Posted in Computing & Tech News by usrbingeek at 2003-08-07 15:50 ET (GMT-5) | 0 Comments | Permalink












