[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Windows RPC/DCOM - MSBlast Worm
- To: full-disclosure@lists.netsys.com
- Subject: [Full-Disclosure] Windows RPC/DCOM - MSBlast Worm
- From: Craig Baltes <craig@lurhq.com>
- Date: 11 Aug 2003 15:42:36 -0400
Here's more on the new Windows RPC/DCOM worm.
This one seems pretty simple so far. It does most of what you may have
seen
on isc.sans.org:
- exploits via port 135/RPC.
- downloads binary (msblast.exe) via tftp.
- adds a registry key to re-start after reboot
AND:
- On the 16th, syn-floods (with spoofed sources) windowsupdate.com.
--
Craig Baltes GCIA, CCSE
Senior Information Security Analyst
LURHQ corp. www.lurhq.com
craig@lurhq.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html