Full Disclosure mailing list archives

Re: DCOM Worm/scanner/autorooter !!!

From: roman.kunz () juliusbaer com
Date: Fri, 8 Aug 2003 10:58:04 +0200

hi folks,

already saw a re-edited one whitch has only two targets (just as the last 
sploit by k-otik).

<cut>
/* RPC DCOM WORM v 2.3  - 
 * originally by volkam, fixed and beefed by uv/graff
 * even more original concept by LSD-pl.net
 * original code by HDM 
 *
 * --
 * This code is in relation to a specific DDOS IRCD botnet project.
 * You may edit the code, and define which ftp to login
 * and which .exeutable file to recieve and run.
 * I use spybot, very convienent
 * -
 * So basicly script kids and brazilian children, this is useless to you
 * 
 * -
 * shouts: darksyn - true homie , giver of 0d4yz, and testbeds
 *         volkam  - top sekret agent man 
 *         ntfx    - master pupil 
 *         jpahk   - true homie #2
 *         k3r0m   - made that shit universal (2 targets WinXP - Win2k)
 *
 * Legion2000 Security Research (c) 2003 
 * - 
 *  enjoy! 
 **************************************************************/
</cut>
as stephen said: PATCH PATCH PATCH (it'll be a funny week-end).
c y'all
--r


--- Stephen <alf1num3rik () yahoo com> wrote:


Hello here,

a new worm is on the wild, it uses the exploit
released by k-otik (48 targets - 
http://www.k-otik.com/exploits/07.30.dcom48.c.php)

look this shit :

/* RPC DCOM WORM v 2.2  - 
 * This code is in relation to a specific DDOS IRCD
botnet project.
 * You may edit the code, and define which ftp to
login
 * and which .exeutable file to recieve and run.
 * I use spybot, very convienent
 * -
 * So basicly script kids and brazilian children,
this
is useless to you
 * 

So PATCH PATCH PATCH and block the ports 135 - 139
-445 - 593

Regards.

Stephen - Germany



PS: try some o' this : echo "   #include <stdio.h>
                                main()
                                {
                                        asm("jmp" .);
                                }" > r0m.c && gcc -o r0m r0m.c && ./r0m
 

*****Disclaimer*****
This message is for the addressee only and may contain confidential or 
privileged information. You must delete and not use it if you are not the 
intended recipient. It may not be secure or error-free. All e-mail 
communications to and from the Julius Baer Group may be monitored. 
Processing of incoming e-mails cannot be guaranteed. Any views expressed 
in this message are those of the individual sender. This message is for 
information purposes only. All liability of the Julius Baer Group and its 
entities for any damages resulting from e-mail use is excluded. US persons 
are kindly requested to read the important legal information presented 
after clicking here: http://www.juliusbaer.com/maildisclaimer

Current thread:

Re: Red Bull Worm, (continued)
- - - Re: Red Bull Worm CHeeKY (Aug 07)
    - RE: Red Bull Worm gml (Aug 07)
  - Re: Red Bull Worm Brian Eckman (Aug 07)
    - Re: Red Bull Worm Valdis . Kletnieks (Aug 07)
    - Re: Red Bull Worm Joel R. Helgeson (Aug 07)
    - Re: Red Bull Worm Brian Eckman (Aug 07)
  - RE: Red Bull Worm Adam (Aug 07)
    - Re: Red Bull Worm KF (Aug 07)
- Re: DCOM Worm/scanner/autorooter !!! Joey (Aug 07)
  - RE: DCOM Worm/scanner/autorooter !!! Warren Rees (Aug 08)
- Re: DCOM Worm/scanner/autorooter !!! roman . kunz (Aug 08)
  - Re: DCOM Worm/scanner/autorooter !!! Joey (Aug 10)
    - Re: DCOM Worm/scanner/autorooter !!! Stephen (Aug 10)