[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] msblast

To: <full-disclosure@lists.netsys.com>
Subject: [Full-Disclosure] msblast
From: "harq deman" <harqman@btopenworld.com>
Date: Mon, 11 Aug 2003 22:30:31 +0100

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1170" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>yawn.. OK.. the worm.. again</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>It scans a randon b class based on the current 
hosts address</FONT></DIV>
<DIV><FONT face=Arial size=2>it does not kill any AV products or 
firewalls</FONT></DIV>
<DIV><FONT face=Arial size=2>it does not hide processes, files or network 
activity from the kernel</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>when it packets windowsupdate.com on the 16th, it 
spoofs the last 2 octets of the source ip address, and continues to 
scan</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>D-.. must try harder</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>--harq</FONT></DIV></BODY></HTML>

Follow-Ups:
- RE: [Full-Disclosure] msblast
  - From: "gml" <gml@phrick.net>

Prev by Date: Re: [Full-Disclosure] DCOM Worm released
Next by Date: Re: [Full-Disclosure] DCOM Worm released
Prev by thread: RE: [Full-Disclosure] msblast.exe
Next by thread: RE: [Full-Disclosure] msblast
Index(es):
- Date
- Thread