Full Disclosure mailing list archives

Re: Red Bull Worm

From: KF <dotslash () snosoft com>
Date: Thu, 07 Aug 2003 14:46:33 +0000

 targets[] =
 {
  { "[Win2k-Universal]", 0x0018759F },
  { "[WinXP-Universal]", 0x0100139d },
}, v;




http://packetstorm.linuxsecurity.com/filedesc/oc192-dcom.c.html
-KF


Adam wrote:

FYI - k-otik released a universal exploit that doesn't need 48 different
offsets.  It uses 2. One for win2k and one for XP. ( In case noone noticed )



Adam Richards
Network Administrator
WorldNet Communications, Inc.
318-213-9827 / Fax 318-213-8534
World Class Technology, Hometown Service


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of Joel R.
Helgeson
Sent: Thursday, August 07, 2003 10:54 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Red Bull Worm


Lets see, the last big worm to exploit windows was named Code Red after the
Mountain Dew Code Red was brought to market.  Being that this worm is much
more effective than Code Red ever was, I say worm should be named Red Bull
as it is sure to exhibit much more energy than the Code Red worm.

---- Original Message -----
From: "Stephen" <alf1num3rik () yahoo com>
To: <full-disclosure () lists netsys com>
Sent: Thursday, August 07, 2003 5:25 AM
Subject: [Full-disclosure] DCOM Worm/scanner/autorooter !!!

Hello here,

a new worm is on the wild, it uses the exploit
released by k-otik (48 targets -
http://www.k-otik.com/exploits/07.30.dcom48.c.php)

look this shit :

/* RPC DCOM WORM v 2.2  -
* This code is in relation to a specific DDOS IRCD
botnet project.
* You may edit the code, and define which ftp to
login
* and which .exeutable file to recieve and run.
* I use spybot, very convienent
* -
* So basicly script kids and brazilian children, this
is useless to you
*

So PATCH PATCH PATCH and block the ports 135 - 139
-445 - 593

Regards.

Stephen - Germany

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

DCOM Worm/scanner/autorooter !!! Stephen (Aug 07)
- Red Bull Worm Joel R. Helgeson (Aug 07)
  - Re: Red Bull Worm Berend-Jan Wever (Aug 07)
    - Re: Red Bull Worm CHeeKY (Aug 07)
    - RE: Red Bull Worm gml (Aug 07)
  - Re: Red Bull Worm Brian Eckman (Aug 07)
    - Re: Red Bull Worm Valdis . Kletnieks (Aug 07)
    - Re: Red Bull Worm Joel R. Helgeson (Aug 07)
    - Re: Red Bull Worm Brian Eckman (Aug 07)
  - RE: Red Bull Worm Adam (Aug 07)
    - Re: Red Bull Worm KF (Aug 07)
- Re: DCOM Worm/scanner/autorooter !!! Joey (Aug 07)
  - RE: DCOM Worm/scanner/autorooter !!! Warren Rees (Aug 08)
- <Possible follow-ups>
- Re: DCOM Worm/scanner/autorooter !!! roman . kunz (Aug 08)
  - Re: DCOM Worm/scanner/autorooter !!! Joey (Aug 10)
    - Re: DCOM Worm/scanner/autorooter !!! Stephen (Aug 10)