Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Windows RPC/DCOM - MSBlast Worm

From: Craig Baltes <craig () lurhq com>
Date: 11 Aug 2003 15:42:36 -0400
Here's more on the new Windows RPC/DCOM worm.

This one seems pretty simple so far. It does most of what you may have
seen
on isc.sans.org:
- exploits via port 135/RPC.
- downloads binary (msblast.exe) via tftp.
- adds a registry key to re-start after reboot

AND:
- On the 16th, syn-floods (with spoofed sources) windowsupdate.com.

-- 
Craig Baltes GCIA, CCSE
Senior Information Security Analyst
LURHQ corp. www.lurhq.com
craig () lurhq com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: