[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127

To: full-disclosure <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: [Full-Disclosure] Re: Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127
From: Tomokazu Suzuki <tomokazu444@xxxxxxxxxxx>
Date: Fri, 23 Apr 2004 18:27:22 +0900

Joe Stewart wrote:

> Scans port 135 for MS03-039 "DCOM2" vulnerability
> Scans port 139 for MS03-049 Workstation vulnerability
> Scans port 1433 for weak MSSQL administrator passwords
> Scans port 2082 for CPanel vulnerability (OSVDB ID: 4205)
> Scans port 2745 for backdoor left by the Bagle Virus
> Scans port 3127 for MyDoom.A backdoor
> Scans port 5000 for MS01-059 UPnP vulnerability
> Scans port 6129 for Dameware vulnerability (OSVDB ID: 3042)
> Scans port 80 for MS03-007 WebDav vulnerability
> Scans ports 135, 445 and 1025 for MS03-032 vulnerability
> Scans ports 139 and 445 for weak Netbios passwords
> 

Could it exploit MS03-032 vulnerability via 135, 445 and 1025 ?
The vulnerability exists in IE.

--
Tom


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- [Full-Disclosure] Re: Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127
  - From: Joe Stewart

Prev by Date: Re: [Full-Disclosure] THCIISSLame exploit
Next by Date: [Full-Disclosure] Perl code exploiting TCP window vuln.
Previous by thread: [Full-Disclosure] Re: Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127
Next by thread: [Full-Disclosure] Re: Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127
Index(es):
- Date
- Thread