Blaster Worm Analysis

[Dave Farber <dave () farber net>]

> Reply-To: "monty solomon" <monty () roscom com>
> From: "monty solomon" <monty () roscom com>
> To: "list" <list () roscom com>
> Subject: Blaster Worm Analysis
> Date: Tue, 12 Aug 2003 15:02:01 -0400
>
>
> Blaster Worm Analysis
>
> Release Date:
> 8/11/2003
>
> Severity:
> High
>
> Description:
> The Blaster worm uses a series of components to successfully infect a
> host.  The first component is a publicly available RPC DCOM exploit that
> binds a system level shell to port 4444.  This exploit is used to
> initiate a command channel between the infecting agent and the
> vulnerable target.  Once the target is successfully compromised, the
> worm transmits the msblast.exe executable (the main body of the worm)
> via TFTP to infect the host.  The payload used in the public DCOM
> exploit, as well as the TFTP functionality, are both encapsulated within
> msblast.exe.
>
> http://www.eeye.com/html/Research/Advisories/AL20030811.html

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/