Full Disclosure mailing list archives
Re: DCOM Worm/scanner/autorooter !!!
From: roman.kunz () juliusbaer com
Date: Fri, 8 Aug 2003 10:58:04 +0200
hi folks,

already saw a re-edited one which has only two targets (just as the last sploit by k-otik).

<cut>
/* RPC DCOM WORM v 2.3 -
 * originally by volkam, fixed and beefed by uv/graff
 * even more original concept by LSD-pl.net
 * original code by HDM
 *
 * --
 * This code is in relation to a specific DDOS IRCD botnet project.
 * You may edit the code, and define which ftp to login
 * and which .exeutable file to recieve and run.
 * I use spybot, very convienent
 * -
 * So basicly script kids and brazilian children, this is useless to you
 *
 * -
 * shouts: darksyn - true homie , giver of 0d4yz, and testbeds
 * volkam - top sekret agent man
 * ntfx - master pupil
 * jpahk - true homie #2
 * k3r0m - made that shit universal (2 targets WinXP - Win2k)
 *
 * Legion2000 Security Research (c) 2003
 * -
 * enjoy!
 **************************************************************/
</cut>

as stephen said: PATCH PATCH PATCH (it'll be a funny week-end).

c y'all
--r

--- Stephen <alf1num3rik () yahoo com> wrote:
Hello here,

a new worm is in the wild, it uses the exploit released by k-otik (48 targets - http://www.k-otik.com/exploits/07.30.dcom48.c.php)

look this shit :

/* RPC DCOM WORM v 2.2 -
 * This code is in relation to a specific DDOS IRCD botnet project.
 * You may edit the code, and define which ftp to login
 * and which .exeutable file to recieve and run.
 * I use spybot, very convienent
 * -
 * So basicly script kids and brazilian children, this is useless to you
 *

So PATCH PATCH PATCH and block the ports 135 - 139 - 445 - 593

Regards.
Stephen - Germany

PS: try some o' this :
echo " #include <stdio.h> main() { asm("jmp" .); }" > r0m.c && gcc -o r0m r0m.c && ./r0m