[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

rpc sdbot

To: bugtraq@securityfocus.org
Subject: rpc sdbot
From: Daniel Otis-Vigil <dvigil@moosoft.com>
Date: Wed, 13 Aug 2003 11:04:25 -0600

This sdbot variant has been spreading around Undernet and is a combination 
of the msblast worm, sdbot and spybot.  It installs as a service and 
triggers WFP which I think was a mistake.  Termination of the process 
causes an  immediate reboot.

Samples are available here: http://www.moosoft.com/thecleaner/rcpsdbot.zip
password is: infected

Daniel Otis-Vigil
MooSoft Development LLC
http://www.moosoft.com/thecleaner

Prev by Date: Microsoft MCWNDX.OCX ActiveX buffer overflow
Next by Date: Re: Microsoft MCWNDX.OCX ActiveX buffer overflow
Prev by thread: RE: Microsoft MCWNDX.OCX ActiveX buffer overflow
Next by thread: re: rpc sdbot
Index(es):
- Date
- Thread