[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] DCOM Worm?

To: full-disclosure@lists.netsys.com
Subject: RE: [Full-Disclosure] DCOM Worm?
From: Matt Bell <matt.bell@ladarling.com>
Date: Mon, 11 Aug 2003 15:22:47 -0500

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2653.12">
<TITLE>RE: [Full-Disclosure] DCOM Worm?</TITLE>
</HEAD>
<BODY>

<P><FONT SIZE=2>Yup.. confirmed here. Already had it hit a user, it saves itself as c:\%systemroot%\system32\msblast.exe</FONT>
<BR><FONT SIZE=2>See here:</FONT>
<BR><FONT SIZE=2><A HREF="http://isc.sans.org/diary.html?date=2003-08-11"; TARGET="_blank">http://isc.sans.org/diary.html?date=2003-08-11</A></FONT>
</P>
<BR>

<P><FONT SIZE=2>&gt; -----Original Message-----</FONT>
<BR><FONT SIZE=2>&gt; From: Carl Sager [<A HREF="mailto:orniter@yahoo.com";>mailto:orniter@yahoo.com</A>]</FONT>
<BR><FONT SIZE=2>&gt; Sent: Monday, August 11, 2003 2:52 PM</FONT>
<BR><FONT SIZE=2>&gt; To: full-disclosure@lists.netsys.com</FONT>
<BR><FONT SIZE=2>&gt; Subject: [Full-Disclosure] DCOM Worm?</FONT>
<BR><FONT SIZE=2>&gt; </FONT>
<BR><FONT SIZE=2>&gt; </FONT>
<BR><FONT SIZE=2>&gt;&nbsp;&nbsp;&nbsp; I'm working as a technician and have had 3 people</FONT>
<BR><FONT SIZE=2>&gt; from the local area call within the last hour about a</FONT>
<BR><FONT SIZE=2>&gt; problem with having their computer shut down after</FONT>
<BR><FONT SIZE=2>&gt; giving a one minute warning.&nbsp; This only happens when</FONT>
<BR><FONT SIZE=2>&gt; they have an internet connection - if they boot up</FONT>
<BR><FONT SIZE=2>&gt; with a network cable plugged in, even if they don't</FONT>
<BR><FONT SIZE=2>&gt; have a browser or any other apps open, it'll shut</FONT>
<BR><FONT SIZE=2>&gt; down.&nbsp; It looks like they're all running NT/2k/XP as</FONT>
<BR><FONT SIZE=2>&gt; well - is this a DCOM worm? </FONT>
<BR><FONT SIZE=2>&gt; </FONT>
<BR><FONT SIZE=2>&gt; __________________________________</FONT>
<BR><FONT SIZE=2>&gt; Do you Yahoo!?</FONT>
<BR><FONT SIZE=2>&gt; Yahoo! SiteBuilder - Free, easy-to-use web site design software</FONT>
<BR><FONT SIZE=2>&gt; <A HREF="http://sitebuilder.yahoo.com"; TARGET="_blank">http://sitebuilder.yahoo.com</A></FONT>
<BR><FONT SIZE=2>&gt; _______________________________________________</FONT>
<BR><FONT SIZE=2>&gt; Full-Disclosure - We believe in it.</FONT>
<BR><FONT SIZE=2>&gt; Charter: <A HREF="http://lists.netsys.com/full-disclosure-charter.html"; TARGET="_blank">http://lists.netsys.com/full-disclosure-charter.html</A></FONT>
<BR><FONT SIZE=2>&gt; </FONT>
</P>

</BODY>
</HTML>

Prev by Date: [Full-Disclosure] msblast.exe
Next by Date: [Full-Disclosure] DCOM Worm?
Prev by thread: Re: [Full-Disclosure] DCOM Worm?
Next by thread: [Full-Disclosure] DCOM Worm?
Index(es):
- Date
- Thread