Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DCOM Worm released

From: daniel uriah clemens <daniel_clemens () autism birmingham-infragard org>
Date: Mon, 11 Aug 2003 17:38:41 +0000 (GMT)


Here are two more hosts that I didn't see on the list


68.9.149.129
24.162.143.130



On Mon, 11 Aug 2003, Dennis Opacki wrote:



Can anyone confirm whether the tftp transfers appear to be solely from the
hosts listed in the initial sans.org note (which now appear to have been
taken down), or is the transfer done from the infecting host?

TIA,

-Dennis

On Mon, 11 Aug 2003, Joey wrote:


They found a worm, but since it uses tftp servers that
can be taken down and since tftp is slow, it shouldnt
have much of an effect.

"Scans sequentially for machines with open port 135,
starting at a presumably random IP address" - very
stupid way to spread!

http://isc.sans.org/diary.html?date=2003-08-11

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



-Daniel Uriah Clemens

Esse quam videra
     (to be, rather than to appear)
                     -Moments of Sorrow are Moments of Sobriety
http://www.birmingham-infragard.org   | 2053284200
fingerprint: EDF0 6566 2A4A 220E 5760  EA1F 0424 6DF6 F662 F5BD


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: