• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

RPC Hack

Scarpozzi

Scarpozzi

Lifer
Microsoft RPC exploits that you can read about here:
Link

Hundreds of computers across the country have been hit hard by this today. I'm sure many corporations and universities are being hit the hardest. Just thought I'd throw out a heads up and say that if you're on one of these networks, you might wanna unplug for a while.

-Scar
 
I'm in the middle of it right now (university). I'm trying to install a firewall on all the computers left in the department who's users have refused to do on thier own so far. My record today was 8 blocked attempts within the first 30 seconds of turning on a firewall. Seems harmless so far though.
 
I'm sure many corporations and universities are being hit the hardest
Click to expand...

Only the ones that stupidly expose NT boxes directly to the Internet.

Seems harmless so far though.
Click to expand...

Harmless? It phones home to let people know it's been taken over, then at any time in the future it can be used in an attack by those persons.
 
Originally posted by: Nothinman
Harmless? It phones home to let people know it's been taken over, then at any time in the future it can be used in an attack by those persons.
Click to expand...
Harmless in the sense that this attack isn't meant to distroy anything on the computer, but it is so noticible that all the users finally put on the firewall and the attack is ended. So basically it is a good wakeup call - and no damage is currently being done. Of course if you ignore the wakeup call, then it will likely no longer be harmless.

I'd be a lot more worried if this attack wasn't noticible to the users - then they still be refusing the firewalls and they'd never know they were attacked.
 
Originally posted by: dullard
Originally posted by: Nothinman
Harmless? It phones home to let people know it's been taken over, then at any time in the future it can be used in an attack by those persons.
Click to expand...
Harmless in the sense that this attack isn't meant to distroy anything on the computer, but it is so noticible that all the users finally put on the firewall and the attack is ended. So basically it is a good wakeup call - and no damage is currently being done. Of course if you ignore the wakeup call, then it will likely no longer be harmless.

I'd be a lot more worried if this attack wasn't noticible to the users - then they still be refusing the firewalls and they'd never know they were attacked.
Click to expand...
I don't think anything that sets up a priviledged command shell for the attacker can be classified as "harmless".

And as for volume, one of the departments here at the University of Wisconsin has denied over 16,000 requests to port 135 in the last 24 hours. That's even one of the smaller departments, I don't even want to know what the total would be campus wide.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top