RPC Vulnerability Being Exploited Causing Shutdowns

Published by

Multiple PC's across the NTL cable network (and possibly others) are being remotely shutdown by an RPC (Remote procedure call) exploit. A dialog box will pop up instructing the user that the system will shutdown in 60 seconds. Read More for more informations and a hotfix, german visitors click here This exploit may be related to the buffer overrun vulnerability in the RPC interface that was reported some weeks ago. A patch for this is available here

http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

Update: The attack has now escalated to dozens of isp's, i have had reports from 100's of people.

The patch link i posted earlier has been confirmed to stop the shutdown messages from appearing - but this just confirms its a buffer underrun attack, which indicates the shutdown message is not the main payload. The RPC service is crashing due to a buffer underun , which is causing the forced shutdown to occur because windows cannot function without it. Before it crashes arbitrary code is executed - i've had unconfirmed reports of trojan virus's being found after the incident.

XP Shutdown Exploit Guide

lots of people have being having problems with xp shutting down with remote shutdown exploiting from a file named msblast.exe , this can be fixed by doing the following in this little guide i put together.

XP Shutdown Exploit Guide

Thanks to Mr A for the Guide.