GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   Win98 and ME patch for Virus (https://gfy.com/showthread.php?t=82097)

jimmyf 10-11-2002 10:00 AM
Win98 and ME patch for Virus
 
I signed up for this news letter some time ago... Never noticed they are from Russia. I do know they put out some very good infomation.

VirusList.com Virus Alerts & Virus News. Friday, October 11, 2002
************************************************

1. How The "Opasoft" Worm Slithers Past Passwords
2. How to subscribe/unsubscribe

****

1. How The "Opasoft" Worm Slithers Past Passwords
The Opasoft worm was first detected at the end of September 2002 - by the beginning of October 2002 it had already caused a global epidemic.

Opasoft, also known as "Opaserv", is a network worm virus that uses MS Windows NETBIOS services. The worm itself is a Windows PE EXE file with a length of about 28KB.

One reason Opasoft has been successful is the recently discovered way
with which the worm manages to skirt past security passwords. Below is a
short description of the Opasoft worm, how it supplies "correct" passwords
and a link to a fix (patch).

Password Exploit:

To get passwords needed to gain access to victim machines, the worm uses
the security breach "share level password exploit". For a detailed
description of this exploit please click the following address:
http://www.nsfocus.com/english/homepage/sa_05.htm

The worm programmatically "suggests" a password field with only a one
character length to the victim host. When there is a one-byte password
"suggested", the host will check only the first byte of the password. In
case the first byte is correct, the autification process will be
successfully passed. As a result it is enough to try only all one-byte
passwords for the attacker to exploit vulnerable Win9x machines.

The patch for this vulnerability is available at:
http://www.microsoft.com/technet/sec...n/MS00-072.asp

To see the full Worm.Win32.Opasoft (a.k.a. Opaserv) description please
vist the Kaspersky Virus Encyclopedia at:
http://www.viruslist.com/eng/viruslist.html?id=52256


Kaspersky Lab News Agent

-----
10 Geroyev Panfilovtcev St., Moscow, 123363, Russia
Telephone./Facsimile: +7 (095) 948 43 31
WWW: http://www.kaspersky.com, http://www.viruslist.com
FTP: ftp://ftp.kasperskylab.ru
E-mail: [email protected]

SykkBoy 11-04-2002 05:21 PM
Bumping this thread because just found out from the cable company that I had this on my machine and it was causing problems...fuck, now I really will have to upgrade to WinXP I guess...........fuck......I was so content with Win98....

KRL 11-04-2002 08:17 PM
Yep, its a slithering mother fucker. I got it about 2 weeks ago the same day I got a new DSL connection. I think one version of it scans networks for open ports also. Took a bitch to get it out of my system as it embeds itself all over the place. Snuck back on me two more times then I figured out the one file it was using to reinvigorate itself. Wasn't destructive, but just changed my desktop background. As far as I know, it didn't do any other damage.

McAfee Virus Scan caught it but only after it had wormed in a couple files first apparently.

I installed Sygate's Personal Firewall Pro V 5.0 the following day and haven't had any problems since.


All times are GMT -7. The time now is 02:45 AM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123