Win98 and ME patch for Virus - GoFuckYourself.com

jimmyf · 10-11-2002, 10:00 AM

I signed up for this news letter some time ago... Never noticed they are from Russia. I do know they put out some very good infomation.

VirusList.com Virus Alerts & Virus News. Friday, October 11, 2002
************************************************

1. How The "Opasoft" Worm Slithers Past Passwords
2. How to subscribe/unsubscribe

****

1. How The "Opasoft" Worm Slithers Past Passwords
The Opasoft worm was first detected at the end of September 2002 - by the beginning of October 2002 it had already caused a global epidemic.

Opasoft, also known as "Opaserv", is a network worm virus that uses MS Windows NETBIOS services. The worm itself is a Windows PE EXE file with a length of about 28KB.

One reason Opasoft has been successful is the recently discovered way
with which the worm manages to skirt past security passwords. Below is a
short description of the Opasoft worm, how it supplies "correct" passwords
and a link to a fix (patch).

Password Exploit:

To get passwords needed to gain access to victim machines, the worm uses
the security breach "share level password exploit". For a detailed
description of this exploit please click the following address:
http://www.nsfocus.com/english/homepage/sa_05.htm

The worm programmatically "suggests" a password field with only a one
character length to the victim host. When there is a one-byte password
"suggested", the host will check only the first byte of the password. In
case the first byte is correct, the autification process will be
successfully passed. As a result it is enough to try only all one-byte
passwords for the attacker to exploit vulnerable Win9x machines.

The patch for this vulnerability is available at:
http://www.microsoft.com/technet/sec...n/MS00-072.asp

To see the full Worm.Win32.Opasoft (a.k.a. Opaserv) description please
vist the Kaspersky Virus Encyclopedia at:
http://www.viruslist.com/eng/viruslist.html?id=52256

Kaspersky Lab News Agent

-----
10 Geroyev Panfilovtcev St., Moscow, 123363, Russia
Telephone./Facsimile: +7 (095) 948 43 31
WWW: http://www.kaspersky.com, http://www.viruslist.com
FTP: ftp://ftp.kasperskylab.ru
E-mail: [email protected]

SykkBoy · 11-04-2002, 05:21 PM

Bumping this thread because just found out from the cable company that I had this on my machine and it was causing problems...fuck, now I really will have to upgrade to WinXP I guess...........fuck......I was so content with Win98....

KRL · 11-04-2002, 08:17 PM

Yep, its a slithering mother fucker. I got it about 2 weeks ago the same day I got a new DSL connection. I think one version of it scans networks for open ports also. Took a bitch to get it out of my system as it embeds itself all over the place. Snuck back on me two more times then I figured out the one file it was using to reinvigorate itself. Wasn't destructive, but just changed my desktop background. As far as I know, it didn't do any other damage.

McAfee Virus Scan caught it but only after it had wormed in a couple files first apparently.

I installed Sygate's Personal Firewall Pro V 5.0 the following day and haven't had any problems since.

10-11-2002, 10:00 AM	#1
jimmyf OU812 Join Date: Feb 2001 Location: California Posts: 12,651	Win98 and ME patch for Virus I signed up for this news letter some time ago... Never noticed they are from Russia. I do know they put out some very good infomation. VirusList.com Virus Alerts & Virus News. Friday, October 11, 2002 ********************************************** 1. How The "Opasoft" Worm Slithers Past Passwords 2. How to subscribe/unsubscribe ** 1. How The "Opasoft" Worm Slithers Past Passwords The Opasoft worm was first detected at the end of September 2002 - by the beginning of October 2002 it had already caused a global epidemic. Opasoft, also known as "Opaserv", is a network worm virus that uses MS Windows NETBIOS services. The worm itself is a Windows PE EXE file with a length of about 28KB. One reason Opasoft has been successful is the recently discovered way with which the worm manages to skirt past security passwords. Below is a short description of the Opasoft worm, how it supplies "correct" passwords and a link to a fix (patch). Password Exploit: To get passwords needed to gain access to victim machines, the worm uses the security breach "share level password exploit". For a detailed description of this exploit please click the following address: http://www.nsfocus.com/english/homepage/sa_05.htm The worm programmatically "suggests" a password field with only a one character length to the victim host. When there is a one-byte password "suggested", the host will check only the first byte of the password. In case the first byte is correct, the autification process will be successfully passed. As a result it is enough to try only all one-byte passwords for the attacker to exploit vulnerable Win9x machines. The patch for this vulnerability is available at: http://www.microsoft.com/technet/sec...n/MS00-072.asp To see the full Worm.Win32.Opasoft (a.k.a. Opaserv) description please vist the Kaspersky Virus Encyclopedia at: http://www.viruslist.com/eng/viruslist.html?id=52256 Kaspersky Lab News Agent ----- 10 Geroyev Panfilovtcev St., Moscow, 123363, Russia Telephone./Facsimile: +7 (095) 948 43 31 WWW: http://www.kaspersky.com, http://www.viruslist.com FTP: ftp://ftp.kasperskylab.ru E-mail: [email protected] __________________ Epic CashEpic Cash works for me Solar Cash Paysite Plugin Gallery of the day freesites,POTD,Gallery generator with free hosting

11-04-2002, 05:21 PM	#2
SykkBoy Jesus loves bacon Industry Role: Join Date: Feb 2001 Location: Sin City, Motherfucker Posts: 19,969	Bumping this thread because just found out from the cable company that I had this on my machine and it was causing problems...fuck, now I really will have to upgrade to WinXP I guess...........fuck......I was so content with Win98.... __________________ Support my new movie “The Second Coming”

11-04-2002, 08:17 PM	#3
KRL Entrepreneur Join Date: Oct 2002 Location: USA Posts: 31,429	Yep, its a slithering mother fucker. I got it about 2 weeks ago the same day I got a new DSL connection. I think one version of it scans networks for open ports also. Took a bitch to get it out of my system as it embeds itself all over the place. Snuck back on me two more times then I figured out the one file it was using to reinvigorate itself. Wasn't destructive, but just changed my desktop background. As far as I know, it didn't do any other damage. McAfee Virus Scan caught it but only after it had wormed in a couple files first apparently. I installed Sygate's Personal Firewall Pro V 5.0 the following day and haven't had any problems since.