Interesting People mailing list archives
Blaster Worm Analysis
From: Dave Farber <dave () farber net>
Date: Tue, 12 Aug 2003 16:56:26 -0400
Reply-To: "monty solomon" <monty () roscom com>
From: "monty solomon" <monty () roscom com>
To: "list" <list () roscom com>
Subject: Blaster Worm Analysis
Date: Tue, 12 Aug 2003 15:02:01 -0400

Blaster Worm Analysis

Release Date: 8/11/2003
Severity: High

Description:
The Blaster worm uses a series of components to successfully infect a host. The first component is a publicly available RPC DCOM exploit that binds a system level shell to port 4444. This exploit is used to initiate a command channel between the infecting agent and the vulnerable target. Once the target is successfully compromised, the worm transmits the msblast.exe executable (the main body of the worm) via TFTP to infect the host. The payload used in the public DCOM exploit, as well as the TFTP functionality, are both encapsulated within msblast.exe.

http://www.eeye.com/html/Research/Advisories/AL20030811.html
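The sequence the advisory describes (a connection to the shell on TCP port 4444, followed by a TFTP transfer of msblast.exe) can be correlated in flow data. The Python below is an added example, not part of the original message or of eEye's advisory; the flow record layout, the 60-second window, and the direction of the transfer (the target requesting the file from a TFTP server on UDP port 69 of the infecting host) are assumptions.

```python
import struct
from collections import namedtuple

# Constructed flow record: time (s), source, destination, protocol, dest port, first payload bytes
Flow = namedtuple("Flow", "ts src dst proto dport payload")

SHELL_PORT = 4444          # command channel port named in the advisory
TFTP_PORT = 69             # standard TFTP server port (UDP); direction is an assumption
WORM_FILE = "msblast.exe"  # worm body named in the advisory


def tftp_rrq_filename(payload):
    """Return the filename from a TFTP read request (opcode 1), else None."""
    if len(payload) < 4 or struct.unpack("!H", payload[:2])[0] != 1:
        return None
    name, sep, _ = payload[2:].partition(b"\x00")
    return name.decode("ascii", "replace") if sep else None


def find_infection_chains(flows, window=60):
    """Pair a TCP/4444 connection A->B with a later TFTP fetch of msblast.exe B->A."""
    shells = {}   # (infecting host, target) -> time of the TCP/4444 connection
    hits = []
    for f in sorted(flows, key=lambda f: f.ts):
        if f.proto == "tcp" and f.dport == SHELL_PORT:
            shells[(f.src, f.dst)] = f.ts
        elif f.proto == "udp" and f.dport == TFTP_PORT:
            started = shells.get((f.dst, f.src))   # roles are reversed for the fetch
            name = tftp_rrq_filename(f.payload)
            if started is not None and f.ts - started <= window \
                    and name and name.lower() == WORM_FILE:
                hits.append({"infector": f.dst, "target": f.src, "tftp_ts": f.ts})
    return hits


# Constructed sample flows (documentation address range), not captured traffic.
RRQ = b"\x00\x01msblast.exe\x00octet\x00"
SAMPLE = [
    Flow(10.0, "192.0.2.10", "192.0.2.20", "tcp", 4444, b""),
    Flow(11.5, "192.0.2.20", "192.0.2.10", "udp", 69, RRQ),
    Flow(20.0, "192.0.2.30", "192.0.2.40", "udp", 69, b"\x00\x01boot.img\x00octet\x00"),
    Flow(30.0, "192.0.2.10", "192.0.2.50", "tcp", 4444, b""),
    Flow(500.0, "192.0.2.50", "192.0.2.10", "udp", 69, RRQ),
]

if __name__ == "__main__":
    for hit in find_infection_chains(SAMPLE):
        print(hit)
```

Only the first pair is reported: the unrelated TFTP read has no preceding port 4444 connection, and the last request falls outside the correlation window.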