[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] attacks shutting down windows machines?

To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] attacks shutting down windows machines?
From: tom@doctorunix.com
Date: Tue, 12 Aug 2003 08:48:24 -0500


The current blaster infection pops up a "shutting down in 60 seconds due to RPC
failure" box.  The host is compromised.  on XP we find
c:\windows\system32\msblast.exe as the carrier.

tc

Quoting vogt@hansenet.com:

> Hi there -
> 
> We are currently receiving a considerable volume of customer reports where
> windows
> machines (XP usually, as its residential customers) are seemingly shut down
> remotely. Nothing evil seems to happen, just a regular system shutdown.
> 
> Anyone else seen this? Is someone using the latest exploit to have some
> harmless fun?
> 
> 
> best regards / mit freundlichen Gruessen,
> 
> Tom Vogt
> Hansenet Webfarm Security
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 




-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] attacks shutting down windows machines?
  - From: vogt@hansenet.com

Prev by Date: [Full-Disclosure] MSBLASTER - aka LOVESAN/POZA ?
Next by Date: RE: [Full-Disclosure] smarter dcom worm
Prev by thread: RE: [Full-Disclosure] attacks shutting down windows machines?
Next by thread: [Full-Disclosure] RE: [Full-Disclosure]Ooops-->was-->what to do
Index(es):
- Date
- Thread