Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: msblast

From: "gml" <gml () phrick net>
Date: Mon, 11 Aug 2003 19:23:19 -0400
Does anyone know if it somehow disables the ability to use Windows Update
features?

For some reason I can no longer run windows update, I'm going to look into
it.

 

 

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of harq deman
Sent: Monday, August 11, 2003 5:31 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] msblast

 

yawn.. OK.. the worm.. again

 

It scans a randon b class based on the current hosts address

it does not kill any AV products or firewalls

it does not hide processes, files or network activity from the kernel

 

when it packets windowsupdate.com on the 16th, it spoofs the last 2 octets
of the source ip address, and continues to scan

 

D-.. must try harder

 

--harq
Previous By Date Next
Previous By Thread Next

Current thread: