Full Disclosure mailing list archives
Re: Red Bull Worm
From: KF <dotslash () snosoft com>
Date: Thu, 07 Aug 2003 14:46:33 +0000
targets[] = { { "[Win2k-Universal]", 0x0018759F }, { "[WinXP-Universal]", 0x0100139d }, }, v;
http://packetstorm.linuxsecurity.com/filedesc/oc192-dcom.c.html -KF Adam wrote:
FYI - k-otik released a universal exploit that doesn't need 48 different offsets. It uses 2. One for win2k and one for XP. ( In case noone noticed ) Adam Richards Network Administrator WorldNet Communications, Inc. 318-213-9827 / Fax 318-213-8534 World Class Technology, Hometown Service -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Joel R. Helgeson Sent: Thursday, August 07, 2003 10:54 AM To: full-disclosure () lists netsys com Subject: [Full-disclosure] Red Bull Worm Lets see, the last big worm to exploit windows was named Code Red after the Mountain Dew Code Red was brought to market. Being that this worm is much more effective than Code Red ever was, I say worm should be named Red Bull as it is sure to exhibit much more energy than the Code Red worm. ---- Original Message ----- From: "Stephen" <alf1num3rik () yahoo com> To: <full-disclosure () lists netsys com> Sent: Thursday, August 07, 2003 5:25 AM Subject: [Full-disclosure] DCOM Worm/scanner/autorooter !!!Hello here, a new worm is on the wild, it uses the exploit released by k-otik (48 targets - http://www.k-otik.com/exploits/07.30.dcom48.c.php) look this shit : /* RPC DCOM WORM v 2.2 - * This code is in relation to a specific DDOS IRCD botnet project. * You may edit the code, and define which ftp to login * and which .exeutable file to recieve and run. * I use spybot, very convienent * - * So basicly script kids and brazilian children, this is useless to you * So PATCH PATCH PATCH and block the ports 135 - 139 -445 - 593 Regards. Stephen - Germany __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- DCOM Worm/scanner/autorooter !!! Stephen (Aug 07)
- Red Bull Worm Joel R. Helgeson (Aug 07)
- Re: Red Bull Worm Berend-Jan Wever (Aug 07)
- Re: Red Bull Worm CHeeKY (Aug 07)
- RE: Red Bull Worm gml (Aug 07)
- Re: Red Bull Worm Brian Eckman (Aug 07)
- Re: Red Bull Worm Valdis . Kletnieks (Aug 07)
- Re: Red Bull Worm Joel R. Helgeson (Aug 07)
- Re: Red Bull Worm Brian Eckman (Aug 07)
- Re: Red Bull Worm Berend-Jan Wever (Aug 07)
- RE: Red Bull Worm Adam (Aug 07)
- Re: Red Bull Worm KF (Aug 07)
- Red Bull Worm Joel R. Helgeson (Aug 07)
- Re: DCOM Worm/scanner/autorooter !!! Joey (Aug 07)
- RE: DCOM Worm/scanner/autorooter !!! Warren Rees (Aug 08)
- <Possible follow-ups>
- Re: DCOM Worm/scanner/autorooter !!! roman . kunz (Aug 08)
- Re: DCOM Worm/scanner/autorooter !!! Joey (Aug 10)
- Re: DCOM Worm/scanner/autorooter !!! Stephen (Aug 10)
- Re: DCOM Worm/scanner/autorooter !!! Joey (Aug 10)