Full Disclosure mailing list archives

RE: possible MS03-026 worm?


From: "mobly99" <dhopper () ameritech net>
Date: Sat, 2 Aug 2003 13:03:30 -0500

I forwarded the files I found to Neohapsis and SecurityFocus.
I'm not equipped with the knowledge to disassemble the code; hopefully
they can shed some light.

The rpctest.exe appears to determine the remote system's OS and spawns a
shell, which you can then telnet to.

Tftpd.exe is this tftp server: http://www.hanewin.de/e-tftp.htm

Worm.exe is an SFX that has rpc.exe, tftpd.exe and rpctest.exe in it,
and extracts and launches them...



-Dave Hopper
