主题：【注意】新的蠕虫病毒肆虐，使用XP、NT的朋友要小心 -- 机会主义者

windows出现Windows RPC缓冲区越位漏洞，请装有XP的用户下载此windowsXP补丁，

否则很容易遭到别人攻击

Forrester研究室主任迈克尔瑞森指出：“利用Windows中的一个漏洞进行攻击的新的方法已经被发布，针对Windows的更大规模的攻击即将到来。”

　　新的攻击的展开是以怀有恶意的攻击者在远处对计算机进行扫描，发现易受攻击的计算机后进行大规模的病毒和蠕虫的攻击。这些扫描是接连不断的，它不仅可以制造弱点的模式，而且在使用和进攻上非常活跃。它可以导致对有效载荷的破坏，修改或者窃取资料。这些易受攻击的系统包括了：Windows NT 4.0, Windows 2000, Windows XP and Windows Server 2003。

　　针对这些问题，安全专家做了一个调查，调查中发现没有安装RPC的 135个弱点端口遭受的攻击是程上升趋势的，而且调查还发现有3500个地址被扫描，并且早在七月就超过了这一数字。现在正以每月900个地址被扫描的速度递增。

　　由于大多数的计算机都存在遭受攻击的危险，而且安装补丁软件又需要太长时间，所以安全专家建议使用防火墙或者对通过135端口的数据流量进行过滤或阻击。这样就可以很好的防止这些潜在的破坏了。

昨天国内普遍出现宽带用户中招的现象，大规模出现的是称之为“冲击波”（新流言）的蠕虫病毒，该病毒英文名称Wrom.MSBlast.6176，仅6KB的小程序，该病毒正在疯狂传播。这个病毒攻击的端口是TCP135、TCP4444和UDP69端口。该病毒的攻击目标直指Windows Update，如果当前系统时间月份大于8月，或日期大于15号，该病毒会对"Windowsupdate.com"网站实施DOS攻击。这样就有可能影响用户正常使用Windows Update修补系统。对于拥有局域网的企事业来讲，该病毒的直接结果是引发局域网瘫痪。

请尽快下载补丁或使用防火墙，用网络防火墙关闭“135 139 445”三个端口，来防止病毒的攻击。

难道我中招了？

赶快升级，我许多同事都中招了

只要没有防火墙上网，中招概率相当大，我这边已经倒了一大片了，千万当心，做好备份！！

Web Worm Hits Windows, Crashes Computers

Tue August 12, 2003 06:35 PM ET

By Elinor Mills Abreu

SAN FRANCISCO (Reuters) - An Internet worm called "Blaster" that attacks Windows operating systems spread across the globe on Tuesday, infecting and crashing home and office computers faster than technicians could install safeguards.

A computer security expert said the worm, which specifically targets computers running Windows XP and Windows 2000, could spread for a few days before tapering off.

At least 124,000 computers using Microsoft Corp.'s MSFT.O Windows software have been infected worldwide, according to a sample by Symantec Corp.'s Security Response sensor network.

"Corporate networks are getting hit pretty hard," said Alfred Huger, a senior director of engineering at Symantec. "Hundreds of machines are spontaneously rebooting throughout the environment."

Johannes Ullrich of the SANS Institute said the rate at which the worm was spreading seemed to be slowing a bit late Tuesday afternoon. SANS (SysAdmin, Auditing, Networking and Security Institute) is a security training and information organization based in Bethesda, Maryland.

Russ Cooper of TruSecure Corp., a security services provider in Herndon, Virginia, said peak worm activity had occurred between 2 a.m. and 3 a.m. eastern time on Tuesday.

Computers infected by Blaster scan the Internet looking for other machines running Windows that have an open security hole -- one that has not been "patched" or given a fix from Microsoft. The worm then sends itself to those computers.

Windows 2000 and XP computers in North America were getting scanned or infected after being connected to the Internet for an average of 25 minutes, Huger said.

Although some corporate networks were slowed by the worm, no impact on overall Internet traffic was detected.

The worm, also called MSBlaster or LoveSan, surfaced on Monday in the U.S. and quickly spread, taking advantage of a security hole discovered last month in Windows 2000, Windows XP, Windows NT, and Windows Server 2003 operating systems.

Patches for the hole, except for Windows NT 4.0, which the company no longer supports, were put online by Microsoft.

POORLY WRITTEN

The worm crashes some systems and infects others, but otherwise does no damage, Microsoft said.

"It's certainly not a good thing," Microsoft spokesman Sean Sundwall said. But, "it has not spread at the speed with which more notorious worms, such as Slammer and I Love You and Code Red, did."

That is because the worm was poorly written, according to Symantec's Huger, who said that new variations of it could be more virulent.

David Perry of Trend Micro, an anti-virus vendor based in Tokyo, noted that Slammer targeted SQL Server and Code Red targeted Microsoft's Web server program, which were used on fewer computers than XP and Windows 2000.

With Blaster, there are "100 million to 200 million machines that can be infected in the world, rather than a quarter of a million," Perry said.

Because Blaster does not spread through e-mail like worms typically do, most anti-virus software will not block it. However, anti-virus applications will let computer owners know if they have been infected and can help clean up the worm.

European and Asian anti-virus firms said they had heard from corporations were infected as their systems went online. Some government agencies in the U.S. reported widespread systems problems.

The state of Maryland closed 23 Motor Vehicle Administration offices at mid-day and the system was shut down to apply patches, said spokesman Jack Cahalan.

The computer network at Philadelphia's City Hall was also hit by the worm, according to a city official. Stanford University said 2,500 computers were infected and a Department of Homeland Security spokesman said there were sporadic reports from federal agencies of computers hit by the worm.

The patch is available at http://www.microsoft.com/security/. (Additional reporting by Bernhard Warner in London, Yoo Choonsik in Seoul and Andrea Orr in San Francisco)

昨天发现的,装PATCH时,原本几分钟能DOWNLOAD的文件,用了几小时(DOWN的人太多了),IT的人最后下班时也没干完,只好告诉我不能连网,得几天继续干.I hate Blastworm!

http://www.duba.net/download/3/91.shtml

还想请教：怎么用防火墙封闭端口？