Status
Thread closed

bnann

Gold member
#22
God bless you, brother Abu Badr.

You did all you could, may God honor you.

And I think I have got what I needed, God willing.
 

sikovluv

Diamond Badge
#23
Dear brother, all //0daycn.net links need FlashGet in order to work. I have been using it for a short time and found it to be the best firewall, even though I used to like Sygate Personal Firewall. As for the other link, http://download.iss.net/cgi-bin/download/getFile.pl/BISPSetup.exe?download=download.iss.net:eval/bipcprotection/BISPSetup.exe:Eval::::BISPSetup.exe, FlashGet did not work with it, but I used GetRight.
 

سيف

Member
#24


I just wanted to point out that brother gala's warning is correct: this worm was released yesterday, hit more than 50 thousand machines and destroyed them completely. My machine was one of the victims, but thank God PC-cillin was able to catch it.

For your information, this worm targets those who have BlackIce in particular, or those who have firewall programs in general.

The BlackIce company noticed what happened yesterday, so all brothers who use BlackIce should update as soon as possible. If the worm hits you, God forbid, consider your machine finished, because the worm destroys the hard disk.

Regards
 

فراس

Suspended
#25
Warning

For those who use the Black ice protection program or one of these products


BlackICE™ Agent for Server 3.6 ebz, ecd, ece, ecf
BlackICE PC Protection 3.6 cbz, ccd, ccf
BlackICE Server Protection 3.6 cbz, ccd, ccf
RealSecure® Network 7.0, XPU 22.4 and 22.10
RealSecure Server Sensor 7.0 XPU 22.4 and 22.10
RealSecure Desktop 7.0 ebf, ebj, ebk, ebl
RealSecure Desktop 3.6 ebz, ecd, ece, ecf
RealSecure Guard 3.6 ebz, ecd, ece, ecf
RealSecure Sentry 3.6 ebz, ecd, ece, ecf


Click on the warning
 

gala

Active member
#26
W32/Witty.worm, WORM_WITTY.A

Infection Targets
-----------------
Internet Security Systems BlackICE Agent for Server 3.6.0 ebz
Internet Security Systems BlackICE Agent for Server 3.6.0 ecd
Internet Security Systems BlackICE Agent for Server 3.6.0 ece
Internet Security Systems BlackICE Agent for Server 3.6.0 ecf
Internet Security Systems BlackICE PC Protection 3.6.0 .cbz
Internet Security Systems BlackICE PC Protection 3.6.0 ccd
Internet Security Systems BlackICE PC Protection 3.6.0 ccf
Internet Security Systems BlackIce Server Protection 3.6.0 cbz
Internet Security Systems BlackIce Server Protection 3.6.0 ccd
Internet Security Systems BlackIce Server Protection 3.6.0 ccf
Internet Security Systems RealSecure Desktop 3.6.0 ebz
Internet Security Systems RealSecure Desktop 3.6.0 ecd
Internet Security Systems RealSecure Desktop 3.6.0 ece
Internet Security Systems RealSecure Desktop 3.6.0 ecf
Internet Security Systems RealSecure Desktop 7.0.0 ebf
Internet Security Systems RealSecure Desktop 7.0.0 ebj
Internet Security Systems RealSecure Desktop 7.0.0 ebk
Internet Security Systems RealSecure Desktop 7.0.0 ebl
Internet Security Systems RealSecure Guard 3.6.0 ebz
Internet Security Systems RealSecure Guard 3.6.0 ece
Internet Security Systems RealSecure Guard 3.6.0 ecf
Internet Security Systems RealSecure Guard 3.6.0 ecd
Internet Security Systems RealSecure Network Sensor 7.0.0 XPU 22.10
Internet Security Systems RealSecure Network Sensor 7.0.0 XPU 22.4
Internet Security Systems RealSecure Sentry 3.6.0 ebz
Internet Security Systems RealSecure Sentry 3.6.0 ece
Internet Security Systems RealSecure Sentry 3.6.0 ecf
Internet Security Systems RealSecure Sentry 3.6.0 ecd
Internet Security Systems RealSecure Server Sensor 7.0.0 XPU 22.10
Internet Security Systems RealSecure Server Sensor 7.0.0 XPU 22.4
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Server
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP4
Microsoft Windows 95
Microsoft Windows 95 SR2
Microsoft Windows 98
Microsoft Windows 98SE
Microsoft Windows ME
Microsoft Windows NT Enterprise Server 4.0.0
Microsoft Windows NT Enterprise Server 4.0.0 SP1
Microsoft Windows NT Enterprise Server 4.0.0 SP2
Microsoft Windows NT Enterprise Server 4.0.0 SP3
Microsoft Windows NT Enterprise Server 4.0.0 SP4
Microsoft Windows NT Enterprise Server 4.0.0 SP5
Microsoft Windows NT Enterprise Server 4.0.0 SP6
Microsoft Windows NT Enterprise Server 4.0.0 SP6a
Microsoft Windows NT Server 4.0.0
Microsoft Windows NT Server 4.0.0 SP1
Microsoft Windows NT Server 4.0.0 SP2
Microsoft Windows NT Server 4.0.0 SP3
Microsoft Windows NT Server 4.0.0 SP4
Microsoft Windows NT Server 4.0.0 SP5
Microsoft Windows NT Server 4.0.0 SP6
Microsoft Windows NT Server 4.0.0 SP6a
Microsoft Windows NT Terminal Server 4.0.0
Microsoft Windows NT Terminal Server 4.0.0 SP1
Microsoft Windows NT Terminal Server 4.0.0 SP2
Microsoft Windows NT Terminal Server 4.0.0 SP3
Microsoft Windows NT Terminal Server 4.0.0 SP4
Microsoft Windows NT Terminal Server 4.0.0 SP5
Microsoft Windows NT Terminal Server 4.0.0 SP6
Microsoft Windows NT Workstation 4.0.0
Microsoft Windows NT Workstation 4.0.0 SP1
Microsoft Windows NT Workstation 4.0.0 SP2
Microsoft Windows NT Workstation 4.0.0 SP3
Microsoft Windows NT Workstation 4.0.0 SP4
Microsoft Windows NT Workstation 4.0.0 SP5
Microsoft Windows NT Workstation 4.0.0 SP6
Microsoft Windows NT Workstation 4.0.0 SP6a
Microsoft Windows XP Home
Microsoft Windows XP Home SP1
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Professional
Microsoft Windows XP Professional SP1

Summary
-------
W32.Witty.Worm is a worm that exploits a vulnerability in the ICQ
parsing routines of ISS PAM module to gain unauthorized access to a
vulnerable system. This vulnerability has been described as Internet
Security Systems Protocol Analysis Module ICQ Parsing Buffer Overflow
Vulnerability in BID 9913. The worm also appears to corrupt data on the
physical disks of compromised hosts.

Executable Types
----------------
File / Binary / Portable Executable (PE)

Infection Vectors
-----------------
Remotely Exploitable Vulnerability

Impact
------
Payload:
The worm also appears to corrupt data on the physical disks of
compromised hosts, which may lead to the system becoming unstable.

Collateral Damage:
The worm generates unusual UDP traffic with a source port of 4000/UDP
and sends itself to 20000 randomly generated IP addresses. The worm
propagation may result in a malevolent effect on network performance.

Symptoms
--------
An attack may generate unusual UDP traffic with a source port of 4000
and a random destination port.

System may become unstable due to data corruption on physical disks.

Technical Description
---------------------
W32.Witty.Worm is a worm that exploits a vulnerability in the ICQ
parsing routines of ISS PAM module to gain unauthorized access to a
vulnerable system. This vulnerability has been described as Internet
Security Systems Protocol Analysis Module ICQ Parsing Buffer Overflow
Vulnerability in BID 9913.

The worm is reported to generate 20000 random IP addresses and send
itself to these IP addresses with a source port of 4000/UDP.

The worm appears to send itself as a single UDP datagram, which looks
like a valid ICQ packet. Although the worm sends UDP packets with a
fixed source port 4000, it has been reported that other source ports are
being used as well. The destination port for the traffic generated by
this worm is selected randomly. Ports 161/udp, 162/udp and 53/udp have
been used as destination ports by the malicious code.

This worm does not create files on the system and is considered a
memory-only based threat.

The worm attempts to repeat its propagation method again but ultimately
crashes after being overwritten with random data.

It has been reported that the worm may cause data corruption on the hard
drives of compromised hosts. The worm appears to write random data to
physical disks, which may lead to the system becoming unstable.
Specifically the worm attempts to overwrite 128 sectors in a random
location of one of the first eight physical hard drives with 65K bytes of
data from memory.

Due to a lack of details further information cannot be provided at the
moment. This MCID will be updated as more information becomes
available.

Mitigating Strategies
---------------------
Use a firewall to block all incoming connections from the Internet to
services that should not be publicly available. You should by default
deny all incoming connections and only allow explicitly services you want
to offer to the outside world. If an attacker cannot connect to a service
they cannot exploit it.
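
The symptom listed in the advisory quoted above (UDP traffic from source port 4000 to many random addresses and random destination ports) can be checked against flow records. This is an added example, not part of the thread or the advisory; the record format, the thresholds and the sample records are assumptions constructed for illustration.

```python
"""Flag hosts whose UDP traffic matches the symptoms listed in the advisory."""
from collections import defaultdict

WITTY_SRC_PORT = 4000    # fixed source port named in the advisory
MIN_DISTINCT_DSTS = 5    # assumed threshold, tune for your network
MIN_DISTINCT_DPORTS = 3  # assumed threshold; the advisory says the port is random

# Constructed flow records (not real traffic): "src_ip src_port dst_ip dst_port proto"
SAMPLE_FLOWS = """\
10.0.0.5 4000 198.51.100.7 161 udp
10.0.0.5 4000 198.51.100.8 53 udp
10.0.0.5 4000 203.0.113.9 162 udp
10.0.0.5 4000 203.0.113.40 31337 udp
10.0.0.5 4000 192.0.2.77 2048 udp
10.0.0.5 4000 192.0.2.78 40112 udp
10.0.0.9 4000 192.0.2.10 4000 udp
10.0.0.9 4000 192.0.2.10 4000 udp
10.0.0.7 51515 192.0.2.53 53 udp
10.0.0.7 4000 192.0.2.80 80 tcp
malformed line
"""

def parse_flow(line):
    """Return (src, sport, dst, dport, proto) or None for an unparsable line."""
    parts = line.split()
    if len(parts) != 5 or not (parts[1].isdigit() and parts[3].isdigit()):
        return None
    src, sport, dst, dport, proto = parts
    return src, int(sport), dst, int(dport), proto.lower()

def suspicious_sources(text, min_dsts=MIN_DISTINCT_DSTS, min_dports=MIN_DISTINCT_DPORTS):
    """Sources sending UDP from port 4000 to many distinct hosts and ports.

    A single peer talking from port 4000 to one host is not flagged. The
    advisory notes other source ports were also reported, so this check
    covers only the fixed-source-port behaviour.
    """
    dsts, dports = defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        src, sport, dst, dport, proto = flow
        if proto == "udp" and sport == WITTY_SRC_PORT:
            dsts[src].add(dst)
            dports[src].add(dport)
    return sorted(s for s in dsts
                  if len(dsts[s]) >= min_dsts and len(dports[s]) >= min_dports)

if __name__ == "__main__":
    print(suspicious_sources(SAMPLE_FLOWS))
```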
 