Straight_Man
Do what Prime said, also update your antivirus defs and run an A/V scan.
Update Windows, update IE to the latest. Windows itself is the most vulnerable; some of the patches made in late July kill parts of the problem (the ones that talk about remote control of a computer; Microsoft does not figure that most folks would understand RPC implications). There are security patches for RPC. Remote Programmatic Control also allows for control of a program or computer remotely; in this case an attacker who knows the exploits can launch a remote DDOS attack from computers with the vulnerability.
In this particular case, I would also change my admin password and make sure the remote aid or remote computer control feature in XP is off if you have XP. It defaults on, and it has holes in it. Do not use that for accessing your computer at home from work until you have the patches, and if you must use it, change the password on your home computer.
Ideally, do not use it until after you have the computer secured, big time secured, and the patching might take a while to become available for all of these features that relate to RPC.
There was a hacker's conference and LAN out in the desert (not true black hat in the sense of breakers mostly; Microsoft even threw a dinner to thank the folks that participated for helping to make Windows more secure at the end of that dinner (not all of them, but I do not have lists, needless to say)), and Microsoft will be using some of the stuff that was fully isolated from that to tighten down Windows. eWeek had an article online about "Microsoft makes nice to security experts" late last week telling about the curious nature of that dinner.
I have been hearing from eWeek about this for a month, including CERT advisory synopses. This particular vulnerability set (more than one that relate to RPC) has been openly discussed for quite a while.
Computer security folks are concerned in many places that there will be hackers taking advantage of this more than they have. It is possible to use a remote computer to route through the web using RPC. They are most concerned about a worm, but so far no one piece of malware has itself been discovered that does this particular routing.
This thread should be in security also, or cross-linked to there, if this site has a Computer Security area. As I get specifics that have been acted on I will pass them on: fixes and patches that are needed, etc., worms if any that have definition patches as things develop. Just be aware that the remote computer control uses RPC in part, and packets for RPC are program level port packets that do not use TCP/IP first; they seek network wide on any net the RPC functionality is not closed off on. Unfortunately, some web devs have also used program specific ports to feed things, so the SpyBot S&D idea is a good one to try also.
Prime was right in saying to do what he said to do, but these things will also help some to make the risk overall smaller. If the program being called does not respond, no message will go back.
Trivial FTP is HTTPable FTP, by the way. What the thread starter posted about could have been a scan, but anomalies like this are what wake us up to holes and the need to clean house. Normally Trivial FTP uses a port or IP address plus port. A good firewall like Sygate can help close off a search for FTP servers at the box's network cards and not allow things to continue into the OS deeply. A good firewall inspects packets from the NIC, and requests for use of NIC ports. Putting a good firewall in an aggressive mode is a good way to truncate junk in or out, and with a good AV product on Windows one can also check outbound and incoming email, which is a good pre-attack malware spreading vector right now because so many networks and machines are vulnerable (due to old defs or expired antivirus subscriptions, or lack of making that scanning active and checking every once in a while to make sure the software is not compromised).
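The post talks about a firewall inspecting packets at the NIC and about the original report possibly having been a scan for RPC or Trivial FTP. As an added example (not code from the thread or from any product named in it), here is a small Python script that reads firewall log lines and pulls out inbound connection attempts to the MS-RPC endpoint mapper (135/tcp), RPC over SMB named pipes (139/tcp, 445/tcp) and TFTP (69/udp), then groups them by source to show which outside hosts touched several of your machines, which is the pattern a scan leaves. The log format, the 192.168.1.x local range and the sample lines are all constructed assumptions for the example; adapt the regex to whatever your firewall actually writes.

```python
import re
from collections import defaultdict

# Constructed sample firewall log (not from the thread). Assumed line format:
#   <date> <time> <ALLOW|DROP> <TCP|UDP> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
SAMPLE_LOG = """\
2003-08-12 10:01:03 DROP TCP 203.0.113.7:3345 -> 192.168.1.10:135
2003-08-12 10:01:04 DROP TCP 203.0.113.7:3346 -> 192.168.1.11:135
2003-08-12 10:01:05 DROP TCP 203.0.113.7:3347 -> 192.168.1.12:135
2003-08-12 10:01:07 DROP UDP 203.0.113.7:1052 -> 192.168.1.10:69
2003-08-12 10:02:11 ALLOW TCP 192.168.1.10:1088 -> 198.51.100.20:80
2003-08-12 10:03:40 DROP TCP 198.51.100.33:4011 -> 192.168.1.10:8080
"""

# Services the post is worried about: RPC (endpoint mapper and RPC over SMB) and TFTP.
WATCHED_PORTS = {
    ("TCP", 135): "MS-RPC endpoint mapper",
    ("TCP", 139): "RPC over SMB named pipes (NetBIOS session)",
    ("TCP", 445): "RPC over SMB named pipes (SMB over TCP)",
    ("UDP", 69): "TFTP",
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>ALLOW|DROP) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the assumed format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def inbound_watched(log_text, local_prefix="192.168.1."):
    """Return records for connections from outside the local range to a watched port on a local host."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if (rec["proto"], rec["dport"]) not in WATCHED_PORTS:
            continue
        if rec["dst"].startswith(local_prefix) and not rec["src"].startswith(local_prefix):
            hits.append(rec)
    return hits


def summarize_sources(hits):
    """Group hits by source IP: how many attempts, which local hosts, which services."""
    by_src = defaultdict(lambda: {"count": 0, "targets": set(), "services": set()})
    for rec in hits:
        entry = by_src[rec["src"]]
        entry["count"] += 1
        entry["targets"].add(rec["dst"])
        entry["services"].add(WATCHED_PORTS[(rec["proto"], rec["dport"])])
    return dict(by_src)


def likely_scanners(summary, min_targets=2):
    """A source that probed a watched port on several different local hosts looks like a scan."""
    return sorted(src for src, s in summary.items() if len(s["targets"]) >= min_targets)


if __name__ == "__main__":
    summary = summarize_sources(inbound_watched(SAMPLE_LOG))
    for src, s in summary.items():
        print(f"{src}: {s['count']} attempts, {len(s['targets'])} hosts, {sorted(s['services'])}")
    print("likely scanners:", likely_scanners(summary))
```

Run against your own log, the output tells you two things the post asks for: whether the firewall is in fact dropping RPC and TFTP probes at the NIC, and whether one outside address is walking your whole subnet rather than hitting a single box by accident.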