The w32.blaster worm has been edited; there is something out there called "San-maztah" which doesn't need the port open for the DCOM flaw to be exploited. M$ has yet to reply, but as you can see by this shocking log of packets that hit my computer just minutes ago, it does not need port 135 open, merely a box running the DCOM RPC, so I suggest editing your registries to not let this new exploit affect you.
The Packets:
0x0000 5554 4F4F 4B54 4F4F 4D55 4348 5449 4D45
0x0010 40ab bf45 0035 8005 0071 266a caef 8580
0x0020 0001 0001 0001 0000 0231 3202 3238 0231
0x0030 3303 3230 3607 696e 2d61 6464 7204 6172
0x0040 7061 0000 0c00 01c0 0c00 0c00 0100 000e
That was the first packet I got. As you can tell, the message is "Kill George Bush" with the exploit, and the URL to ping back to so that it would send the real exploit.
0x0000 4500 0134 1a23 0000 fa11 bb8b ce0d 1c0c
0x0010 40ab bf45 0035 8024 0120 1699 d40a 8580
0x0020 0001 0001 0005 0005 0d70 6963 7475 7265
0x0030 732d 6672 6565 036f 7267 0000 0100 010d
0x0040 7069 6374 7572 6573 2d66 7265 6503 6f72
As we can tell, this is a dangerous worm indeed. The only way you can be assured it won't get you is to mess with your registry, or stay offline for a few days till the ISPs arrest the user responsible and stop it.
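The two dumps above can be decoded field by field. This added example (not part of the original post) reads each one as a 20-byte IPv4 header without options, an 8-byte UDP header and a DNS message, and reports the ports, DNS record counts and question name; that layout and the helper name `decode` are assumptions of the example.

```python
import struct

# Hex rows copied from the two dumps in the post, offset column dropped.
PACKET_1 = """
5554 4F4F 4B54 4F4F 4D55 4348 5449 4D45
40ab bf45 0035 8005 0071 266a caef 8580
0001 0001 0001 0000 0231 3202 3238 0231
3303 3230 3607 696e 2d61 6464 7204 6172
7061 0000 0c00 01c0 0c00 0c00 0100 000e
"""
PACKET_2 = """
4500 0134 1a23 0000 fa11 bb8b ce0d 1c0c
40ab bf45 0035 8024 0120 1699 d40a 8580
0001 0001 0005 0005 0d70 6963 7475 7265
732d 6672 6565 036f 7267 0000 0100 010d
7069 6374 7572 6573 2d66 7265 6503 6f72
"""
QTYPES = {1: "A", 12: "PTR"}  # only the record types these dumps contain

def dotted(b):
    return ".".join(str(x) for x in b)

def decode(dump):
    """Decode a dump as IPv4 + UDP + DNS (assumed layout, not from the post)."""
    raw = bytes.fromhex("".join(dump.split()))
    udp, dns = raw[20:28], raw[28:]
    ipv4 = raw[0] == 0x45            # version 4, header length 5 words
    sport, dport, udp_len, _ = struct.unpack("!4H", udp)
    _, flags, qd, an, ns, ar = struct.unpack("!6H", dns[:12])
    labels, pos = [], 12             # question name follows the 12-byte DNS header
    while pos < len(dns) and dns[pos]:   # stop at root label or end of capture
        n = dns[pos]
        labels.append(dns[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype = struct.unpack("!H", dns[pos + 1:pos + 3])[0]
    return {
        # When bytes 0-15 are not an IPv4 header, report them as text instead.
        "header_text": None if ipv4 else raw[:16].decode("ascii", "replace"),
        "src": dotted(raw[12:16]) if ipv4 else None,
        "dst": dotted(raw[16:20]),
        "ip_proto": raw[9] if ipv4 else None,   # 17 = UDP
        "sport": sport, "dport": dport, "udp_len": udp_len,
        "is_response": bool(flags & 0x8000),
        "counts": (qd, an, ns, ar),
        "qname": ".".join(labels),
        "qtype": QTYPES.get(qtype, qtype),
    }

if __name__ == "__main__":
    for name, dump in (("packet 1", PACKET_1), ("packet 2", PACKET_2)):
        print(name, decode(dump))
```

Both dumps decode as DNS responses from UDP source port 53: a PTR lookup for 12.28.13.206.in-addr.arpa and an A lookup for pictures-free.org. The first 16 bytes of the first dump are not an IPv4 header but the ASCII text UTOOKTOOMUCHTIME.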