Metasploit mailing list archives
[Fwd: Conficker Worm using Metasploit payload to spread]
From: hdm at metasploit.com (H D Moore)
Date: Fri, 16 Jan 2009 10:08:43 -0600
On Fri, 2009-01-16 at 09:29 -0500, ArcSighter Elite wrote:
Ok, we're being used by worms?
Nope, were being used by the media; the worm copied the SRVSVC technique, which (unreliably) determines SP0/SP1 from SP2/SP3. The worm also took the default return addresses and DisableNX stubs; but thats about it. The majority of the code, including the SMB stuff, is completely unrelated. -HD
Current thread:
- [Fwd: Conficker Worm using Metasploit payload to spread] ArcSighter Elite (Jan 16)
- [Fwd: Conficker Worm using Metasploit payload to spread] H D Moore (Jan 16)