[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] whoch DCOM exploit code are they speaking about here?

They're talking about this one (source code): 
http://www.k-otik.com/exploits/09.16.MS03-039-exp.c.php. Compliled binaries are 
available at the usual places...
 
It creates a new administrator with a username of "e" and a password of 
"asd#321". It only works on Win2K English SP3 and 4. It is not the one you have 
to worry about.
 
Jerry
 
-----Original Message-----
From: Josh Karp [mailto:jkarp@xxxxxxxxxxxxx]
Sent: Tuesday, September 16, 2003 7:19 PM
To: 'full-disclosure@xxxxxxxxxxxxxxxx'
Subject: [Full-Disclosure] whoch DCOM exploit code are they speaking about here?



 
<http://www.sfgate.com/cgi-bin/article.cgi?file=/news/archive/2003/09/16/national1842EDT0790.DTL>
 
http://www.sfgate.com/cgi-bin/article.cgi?file=/news/archive/2003/09/16/national1842EDT0790.DTL

Security researchers on Tuesday detected hackers distributing software to break 
into computers using flaws announced last week in some versions of Microsoft 
Corp.'s Windows operating system. 

The threat from this new vulnerability -- which already has drawn stern 
warnings from the Homeland Security Department -- is remarkably similar to one 
that allowed the Blaster virus to infect hundreds of thousands of computers 
last month. 

The discovery gives fresh impetus for tens of millions of Windows users -- 
inside corporations and in their homes -- to immediately apply a free repairing 
patch from Microsoft. Homeland Security officials have warned that attacks 
could result in a "significant impact" on the operation of the Internet. 

Researchers from iDefense Inc. of Reston, Va., who found the new attack 
software being distributed from a Chinese Web site, said it was already being 
used to break into vulnerable computers and implant eavesdropping programs. 
They said they expect widespread attacks similar to the Blaster infection 
within days. 

"It's fairly likely," said Ken Dunham, a senior iDefense analyst. "Certainly 
we'll see new variants in the next few hours or days." 

Microsoft confirmed it was studying the new attack tool. 

Last month's Blaster infection spread just days after hackers began 
distributing tools for breaking into Windows computers using a related software 
flaw. That infection disrupted computers at the Federal Reserve in Atlanta, 
Maryland's motor vehicle agency and the Minnesota transportation department. 

The latest Windows flaws, announced Sept. 10, were nearly identical to those 
exploited by the Blaster worm. Computer users who applied an earlier patch in 
July to protect themselves still must install the new patch from Microsoft, 
available from its Web site. 

Amy Carroll, a director in Microsoft's security business unit, said 63 percent 
more people have already downloaded the latest patch than downloaded the patch 
for last month's similar vulnerability during the same five-day period. 

"We've continued to beat the drum, to give people better awareness," Carroll 
said. "We have seen some success." 

The latest hacker tool was relatively polished. It gives hackers access to 
victims' computers by creating a new account with the name "e" with a preset 
password. iDefense said the tool includes options to attack two Windows 2000 
versions that are commonly used inside corporations. 

The tool being distributed Tuesday did not include an option to break into 
computers running Microsoft's latest operating systems, such as Windows XP or 
Windows Server 2003, but iDefense said it expected such modifications to make 
it more dangerous. 

On the Net: 

Microsoft warning: 

 <http://www.microsoft.com/security/security_bulletins/ms03-039.asp> 
www.microsoft.com/security/security_bulletins/ms03-039.asp 

Homeland Security warning: 

 <http://www.nipc.gov/warnings/advisories/2003/Advisory9102003.htm> 
www.nipc.gov/warnings/advisories/2003/Advisory9102003.htm




Confidentiality Notice: This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information.  Any unauthorized review, use,
disclosure or distribution is prohibited.  If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message.