[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] dobble-clicking msblast.exe

To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] dobble-clicking msblast.exe
From: Nick FitzGerald <nick@virus-l.demon.co.uk>
Date: Wed, 13 Aug 2003 03:20:16 +1200

martin f krafft <madduck@madduck.net> wrote:

> Does anyone know what happens if you run msblast.exe on an
> uninfected system?

It becomes infected and infective.

There is nothing especially magical about the features of the worm 
program -- run it and it starts trying to spread (or to DoS 
windowsupdate.com depending on the date).  Its function is certainly 
not affected by the way it gets onto a machine or whether it is 
launched by the exploit code or not (well, it may depend on some 
elevated privileges such as the those it gets as local system from the 
RPC exploit code running, as it does, as part of a system service).

-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [Full-Disclosure] dobble-clicking msblast.exe
  - From: "gml" <gml@phrick.net>

References:
- [Full-Disclosure] dobble-clicking msblast.exe
  - From: martin f krafft <madduck@madduck.net>

Prev by Date: RE: [Full-Disclosure] Windows Dcom Worm planned DDoS
Next by Date: RE: [Full-Disclosure] ISS Security Brief: "MS Blast" MSRPC DCOM WormPropagation (fwd)
Prev by thread: [Full-Disclosure] dobble-clicking msblast.exe
Next by thread: RE: [Full-Disclosure] dobble-clicking msblast.exe
Index(es):
- Date
- Thread