Full Disclosure mailing list archives
Windows RPC/DCOM - MSBlast Worm
From: Craig Baltes <craig () lurhq com>
Date: 11 Aug 2003 15:42:36 -0400
Here's more on the new Windows RPC/DCOM worm. This one seems pretty simple so far. It does most of what you may have seen on isc.sans.org: - exploits via port 135/RPC. - downloads binary (msblast.exe) via tftp. - adds a registry key to re-start after reboot AND: - On the 16th, syn-floods (with spoofed sources) windowsupdate.com. -- Craig Baltes GCIA, CCSE Senior Information Security Analyst LURHQ corp. www.lurhq.com craig () lurhq com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Windows RPC/DCOM - MSBlast Worm Craig Baltes (Aug 11)
- Re: Windows RPC/DCOM - MSBlast Worm Paul Schmehl (Aug 11)