Full Disclosure mailing list archives

Re: attacks shutting down windows machines?

From: tom () doctorunix com
Date: Tue, 12 Aug 2003 08:48:24 -0500



The current blaster infection pops up a "shutting down in 60 seconds due to RPC
failure" box.  The host is compromised.  on XP we find
c:\windows\system32\msblast.exe as the carrier.

tc

Quoting vogt () hansenet com:

Hi there -

We are currently receiving a considerable volume of customer reports where
windows
machines (XP usually, as its residential customers) are seemingly shut down
remotely. Nothing evil seems to happen, just a regular system shutdown.

Anyone else seen this? Is someone using the latest exploit to have some
harmless fun?


best regards / mit freundlichen Gruessen,

Tom Vogt
Hansenet Webfarm Security
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html





-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

attacks shutting down windows machines? vogt (Aug 12)
- RE: attacks shutting down windows machines? Mike (Aug 12)
- Re: attacks shutting down windows machines? Gavin Henry (Aug 12)
- Re: attacks shutting down windows machines? tom (Aug 13)