Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Super Worm

From: "Willem Koenings" <isec () europe com>
Date: Sun, 18 Apr 2004 09:33:03 -0500

 

What it says is: 

"Possible combined exploits of MS vulnerabilities" 

"It has been a very quiet day, but we are hearing rumors of possible 
'super' exploits that may target several of the vulnerabilities 
announced by Microsoft on Tuesday. We've been contacted by an 
individual who have have been infected such an exploit, but 
investigation of this is still underway." 


I'm not sure that "possible 'super' exploits" - plural - translates 
literally into "super worm" - singular. 


'possible super exploits' and 'super worms' are terms that press would
love. but staying in reality - even now out there is worms that are 
capable exploiting several vulnerabilities at the same time:

W32.HLLW.Gaobot.AZ

The worm uses multiple vulnerabilities to spread, including: 

The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135 
The RPC locator vulnerability (described in Microsoft Security Bulletin MS03-001) using TCP port 445 
The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80

http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.az.html


no doubt, future worms are more and more capable exploiting several vulnerabilities
at the same time.

Willem


-- 
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: