Full Disclosure mailing list archives
RE: RE: MSblast worm
From: "Jasper Blackwell" <jasper599 () hotmail com>
Date: Wed, 13 Aug 2003 06:02:04 +0100
Thanks for your answers all.TC's answer raises an interesting question for me. Does anyone know what exploit is being used as part of the MSBlast worm? I am aware that there are different versions of the DCOM32 exploit, some of these versions require you to determine what service pack is on the machine and others use the universal offsets and therefore only require you to figure out whether it is 2000 or XP that is to be exploited. I am guessing here that as it may well be the original DCOM32 exploit that the worm does not use the universal offsets, can anyone give me a definite answer?
Also is anyone else in the situation that they have 2000 machines which are pre SP3 which are not infected, and 2000 machines with SP3 or above that are infected? Is there anyone out there with 2000 machines and SP2 or below that are infected?
The version we have here does not spread to W2000 boxes until they get SP3 installed. Then they are immediately compromised. NT4 did not infect.tc Quoting Mike.Keighleylexicon.co.uk:Ah, yes. The vulnerability does indeed exist in NT. But with respect, what Jasper asks is whether the *MSblast worm* affects NT ? The exploit code and discussions on here seem to suggest it targets only 2000 and XP.Does *this exploit* target NT successfully ? Not that I have seen / heard. Could an exploit be written which exploits NT ? Oh yes.-- Mike
_________________________________________________________________Sign-up for a FREE BT Broadband connection today! http://www.msn.co.uk/specials/btbroadband
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- MSblast worm Jasper Blackwell (Aug 12)
- Re: MSblast worm Johan Denoyer (Aug 12)
- Re: MSblast worm Matthew Murphy (Aug 12)
- Re: MSblast worm Robert Lemos (Aug 12)
- Re: MSblast worm Simon Glassman (Aug 12)
- Re: MSblast worm Nick FitzGerald (Aug 12)
- Re: MSblast worm KF (Aug 12)
- <Possible follow-ups>
- Re: MSblast worm Mike . Keighley (Aug 12)
- Re: MSblast worm tom (Aug 12)
- RE: RE: MSblast worm Jasper Blackwell (Aug 12)
- Re: MSblast worm Johan Denoyer (Aug 12)