Tuesday, August 12, 2003

MSBlast/Lovsan Virus Update

As of this morning, both McAfee and Norton are indicating that these viruses are probably the same, with some slight variances. They are also suggesting that, in addition to blocking TCP ports 135 and 4444, firewalls also block UDP port 69.

Once the virus infects one machine via the Internet, that machine becomes a host and starts scanning machines on the inside of the firewall, infecting those that have port 135 open and do not have the MS patch installed.
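To find machines on the inside that are already doing this kind of scanning, connection logs can be checked for hosts that reach many different machines on TCP port 135, or that show traffic on the other ports named above. The script below is an added example, not part of the original post; the log format, the sample lines and the fan-out threshold are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Ports the post says to block: TCP 135 and 4444, UDP 69.
WATCHED = {("tcp", 135), ("tcp", 4444), ("udp", 69)}
FANOUT_THRESHOLD = 5  # assumed: distinct TCP/135 targets before a host counts as scanning

# Assumed log format (constructed, not taken from any particular firewall):
#   <time> <proto> <src_ip>:<sport> -> <dst_ip>:<dport> <action>
LINE_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<proto>tcp|udp)\s+(?P<src>[\d.]+):\d+\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<action>\w+)$", re.I)

# Constructed sample: one host fanning out on 135, one ordinary client, one bad line.
SAMPLE_LOG = [f"08:01:{i:02d} tcp 10.0.0.23:{3000 + i} -> 10.0.0.{i + 1}:135 allow" for i in range(6)] + [
    "08:01:07 tcp 10.0.0.23:3010 -> 10.0.0.4:4444 allow",
    "08:01:08 udp 10.0.0.4:1039 -> 10.0.0.23:69 allow",
    "08:02:00 tcp 10.0.0.50:2200 -> 10.0.0.2:135 allow",
    "08:02:01 tcp 10.0.0.50:2201 -> 10.0.0.2:80 allow",
    "garbled line",
]

def parse(lines):
    """Yield (proto, src, dst, dport) for well-formed lines; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m["proto"].lower(), m["src"], m["dst"], int(m["dport"])

def suspect_hosts(lines, threshold=FANOUT_THRESHOLD):
    """Return {source_ip: sorted reasons} for hosts worth checking for infection."""
    targets_135, reasons = defaultdict(set), defaultdict(set)
    for proto, src, dst, dport in parse(lines):
        if (proto, dport) not in WATCHED:
            continue
        if (proto, dport) == ("tcp", 135):
            targets_135[src].add(dst)  # a single RPC peer is normal; many is not
        else:
            reasons[src].add(f"{proto}/{dport} traffic")
    for src, dsts in targets_135.items():
        if len(dsts) >= threshold:
            reasons[src].add(f"tcp/135 fan-out to {len(dsts)} hosts")
    return {src: sorted(why) for src, why in reasons.items()}

if __name__ == "__main__":
    for host, why in sorted(suspect_hosts(SAMPLE_LOG).items()):
        print(host, "->", "; ".join(why))
```

A host that talks to one server on port 135 is left alone; only the fan-out pattern or the other blocked ports put a machine on the list to be isolated and patched.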

The virus also performs a DoS (Denial of Service) attack on the Microsoft Update website, which is intended to prevent users from downloading the patch.

There are still components of the virus whose purpose they are trying to figure out. Although this virus seems to be more of a pain in the neck than anything else, the possible variations of this type of attack are enormous. Get your machines patched!
