FYI

In a move that can only be considered groundbreaking, our MS rep sent out a bulletin that advises us to patch machines. They are apparently going to start phoning some of their customers to follow up on the bulletin they issued. Must be serious.

-----Original Message-----
From: Ryan Lambert [mailto:rlambert@xxxxxxxxxxxxxxx]
Sent: Friday, August 01, 2003 2:46 PM
To: thin@xxxxxxxxxxxxx

If the ports are filtered and the workstations were compromised to the effect of releasing a payload against the rest of the network it has to be a Trojan of some type. Which would mean if your AV definitions aren't up to date, whoops. If they are, I'd be getting on my vendor about it. :-)

-----Original Message-----
From: Nail, Larry [mailto:lnail@xxxxxx]
Sent: Friday, August 01, 2003 3:16 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: *** RPC ALERT *** We got hit.

Is this coming through your firewall, or via a Trojan inside?

-----Original Message-----
From: John Twilley [mailto:John.Twilley@xxxxxxxxxxxxxxxxxxxxx]
Sent: Friday, August 01, 2003 12:49 PM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: *** RPC ALERT *** We got hit.

Yes. DOS type attack against the RPC port 135 will not trigger antivirus.

-----Original Message-----
From: George Yobst [mailto:george2@xxxxxxxxxxxxxxx]
Sent: Friday, August 01, 2003 1:01 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: *** RPC ALERT *** We got hit.

Did you have antivirus software installed on it?

-George

John Twilley wrote:
>
> Just a heads up...
> You all have heard on the RPC exploit that affects Win NT/2000/XP/2003.
>
> We just got a taste of it in our Italy office...and it is BAD! VERY BAD.
>
> Win XP / 2000 / 2003
>
> You will notice that the DEFAULT recover setting for the RPC service is to
> (Drum-Roll)
> RESTART the server after 1 minute.
>
> Guess what, it does.
> Server restarts every couple of minutes.
>
> WOW.
>
> Take it from me... PATCH EVERYTHING NOW. Yes. Everything.
>
> More Details.
> http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp

---------------------------------------------------------------------------
George Yobst, Library Technology Analyst          phone: 503.723.4890
Library Information Network of Clackamas County   fax:   503.794.8238
16239 SE McLoughlin Blvd, Suite 208               web:   http://www.lincc.lib.or.us
Oak Grove, OR 97267-4654                          email: george@xxxxxxxxxxxxxxx

"...it is impossible for anyone to begin to learn what he thinks he
already knows." - Epictetus

********************************************************
This weeks sponsor - RTOSoft TScale
Complaints about applications response time - DO SOMETHING ABOUT IT!
TScale 2.0 improves applications response time and increases terminal server capacity.
Really get MORE from your existing servers!
Free eval: http://www.rtosoft.com/enter.asp?id=130
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm