Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Re: Secure.dcom.exe

From: "Wcc" <wcc () techmonkeys org>
Date: Fri, 8 Aug 2003 15:50:08 -0400
opticfiber wrote:


On a chance I connected to the irc server 

mentioned.(irc.homelien.no). 

Did a channel search for "rpc" and found a channel called 

"#rpcfucked" 

with a contant stream of clients connecting and 

disconnecting. Below 

is a transcript of the channel for about five minutes or so.


They all appear to be on either eatel.net or arcor-ip.net's networks. This
would lead me to believe that this worm infects via it's own network and not
by finding random ip's.

Will Buckner (Wcc)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: