Full Disclosure mailing list archives
Re: [normal] RE: Re: Secure.dcom.exe
From: opticfiber <opticfiber () topsight net>
Date: Sun, 10 Aug 2003 00:48:02 -0400
I finally got a reply back from Symantec regarding the file you posted to the list, see below. Note the only change I made to the file was the extension from EXE to TXT so as to prevent accidental execution.

This message is an automatically generated reply. This system is designed to analyze and process virus submissions into the Symantec Security Response and cannot accept correspondence or inquiries. Please contact your Technical Support representative if more detailed information about your submission is required. Do not reply to this message.
Below is a status update on your virus submission:

Date: August 9, 2003
William Reyor
Topsight.net

Dear William Reyor,

We have analyzed your submission. The following is a report of our findings for each file you have submitted:

filename: C:\Documents and Settings\w_r_r_optical_desktop_systems\Desktop\secure.dcom.txt
machine: TIC-UZMPKXFW5YC
result: See the developer notes

Developer notes:
C:\Documents and Settings\wreyor\Desktop\secure.dcom.txt does not appear to contain malicious code.

Our automated system has performed an extensive analysis on the file(s) that you have submitted and found no evidence of malicious code. If you have additional evidence to suggest that a malicious program still resides in the file that was submitted to us, please contact Symantec Technical Support for assistance.

----------------------------------------------------------------------
This message was generated by Symantec Security Response automation

Should you have any questions about your submission, please contact our regional technical support from the Symantec website (http://www.symantec.com/techsupp/) and give them the tracking number in the subject of this message.
--------------------------------------------

Wcc wrote:

opticfiber wrote:

On a chance I connected to the IRC server mentioned (irc.homelien.no). Did a channel search for "rpc" and found a channel called "#rpcfucked" with a constant stream of clients connecting and disconnecting. Below is a transcript of the channel for about five minutes or so.

They all appear to be on either eatel.net or arcor-ip.net's networks. This would lead me to believe that this worm infects via its own network and not by finding random IPs.

Will Buckner (Wcc)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html