RE: Purging Blaster.worm

["David Gillett" <gillettdavid () fhda edu>]

  In fact, I was re-reading "The Shockwave Rider", by John Brunner,
just last week, as I do every couple of years.  Highly recommended.

  ("The Adolescence of P-1" was largely set, supposedly, at my Alma
Mater.  We used to sit around counting the number of factual
inaccuracies about the place....)

David Gillett


> -----Original Message-----
> From: Ken Jacobs [mailto:kenneth_jacobs () msn com]
> Sent: August 14, 2003 10:49
> To: meritt_james () bah com; secmail () patchsupplier dyndns org
> Cc: security-basics () securityfocus com; kennethjacobs () starband net
> Subject: Re: Purging Blaster.worm
>
>
> What's scariest about all this?
>
> Back in the late 70's, early 80's, a science fiction writer
> wrote a novel
> that envisioned scenarios much like we see today. Much of the
> terminology he
> used then is in common use today, as are many of the
> concepts. He wrote of a
> network comparable to today's internet (or maybe that of the
> not so distant
> future), a variety of worms (and the idea of worms that eat
> other worms).
> The recent flap over the DARPA 'terrorist futures'? He
> mentioned a 'delphic
> lottery' - the idea that if enough people bet on potential
> futures (similar
> to the stock market), they'd actually accurately predict
> future events.
>
> And all this back before Robert Morris' infamous worm..
> (talk of ancient
> hsitory)
>
>
> > From: "Meritt James" <meritt_james () bah com>
> > To: Stuart <secmail () patchsupplier dyndns org>
> > CC: security-basics () securityfocus com
> > Subject: Re: Purging Blaster.worm
> > Date: Thu, 14 Aug 2003 09:32:04 -0400
> >
> > Yes, it is possible.  No, it is not legal to do so.
> >
> > It has been done with another.  The one who did it is on
> jail for that
> > reason.  Modifying systems which belong to someone else, no
> matter your
> > reasons, is a no-no.
> >
> > Jim
> >
> > Stuart wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Hi,
> > >
> > > Is it not possible to create another worm or modify this worm to
> > > actually patch the machines? :)
> > > Looking at the Symantec removal tool there is a silent
> mode.. A few
> > > days back I was on the Microsoft site and I also saw an
> option for a
> > > non interaction install for the RPC patch but looking through the
> > > site now I cannot find it :(
> > > The "fixing worm" could scan for 2 hours then purge itself?
> > >
> > > Just a thought
> > >
> > > Stu
> > >
> > > - -----Original Message-----
> > > From: Andreas Rothlauf [mailto:security () bitgui de]
> > > Sent: 13 August 2003 21:25
> > > To: security-basics () securityfocus com
> > > Subject: Re: Purging Blaster.worm
> > >
> > > Hi,
> > >
> > > JG>  Has anyone successfully purged the MSBlaster worm. There is a
> > > tool out
> > > JG> there that can do it but is it reliable?
> > >
> > > Symantec has made a tool available:
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.to
> > ol.html
> >
> > A friend told me that it works.
> >
> > greetZ //AndY
> >
> > - ----------------------------------------------------------------------
> > - -----
> > - ----------------------------------------------------------------------
> > - ------
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGP 8.0.2
> >
> > iQIVAwUBPzq4K5MRMj30dWmZAQIOCBAAy73WqYpzZSyjKb530Gefx+cJ3vhV73RN
> > aiFGkEtN+zaGio14/TWNNgFEDpY3DxNtbQF5GPAtw7OBV61qTsg9NOOxAJioyZV/
> > qftWulRdv9P7AmJ96c50ge9Gb5bVb2u6w0xIgS8pk5ButD5/z5QOOQ4mK0BRboyP
> > Du4EdphbMQNd6DI1cdWnQV6tX++jtMh2BnUwFSIj7WTwXIpUg4/H9PzJ/TZYx5Ro
> > swymEnfAusWUFWCljBG0PwTdNqFwmy4LWaCHJEIH/2MJ8ZdMlvUza6nX79yn12j6
> > OmavfnW0uUEX5bp3w4qF9C1b/6C7ajRlzBmqX4gG5iY28fGC+BlPAJgwhndbsJaz
> > id9Za7LhaErG5r3gpJiPL+Xv6nv7PCwBM0p+WhX19d1Z3JUIfmbCHekifLydmwm6
> > bYnG5tK9oH2K3IgzmM9m5oZYOD4sf/gUrqEGI0oK5md393xdfqv/ce/mS+VvShEk
> > 59yuldmgV6pG8Yg5FF+bKI2lf1f35J4iWRknHEa114i3+PveJgSOtMdR71h7Rrnk
> > 8j829JAtN66Z8Ndf14U2mtMmKlIIkoiq6lnc5kvq5tjKjJFTODlR70VPWfT/fu7+
> > C+MZulc55R2ZBp4cDe0ZriNtv9rEqWykQfc2GgIxTYvYYK1M3/861cnsoPCHudVS
> > 37cjHXHGHds=
> > =eKYz
> > -----END PGP SIGNATURE-----
> ---------------------------------------------------------------------------
> >
> ---------------------------------------------------------------------------
-
> --
> James W. Meritt CISSP, CISA
> Booz | Allen | Hamilton
> phone: (410) 684-6566
>
> ---------------------------------------------------------------------------
> ---------------------------------------------------------------------------
-
>

_________________________________________________________________
Add photos to your messages with MSN 8. Get 2 months FREE*.
http://join.msn.com/?page=features/featuredemail


---------------------------------------------------------------------------
----------------------------------------------------------------------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------