[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] MS DNS worm

To: "Geo." <geoincidents@xxxxxxx>
Subject: Re: [Full-disclosure] MS DNS worm
From: "ad@xxxxxxxxxxxxxxxx" <ad@xxxxxxxxxxxxxxxx>
Date: Wed, 18 Apr 2007 15:28:10 +0200

http://www.sophos.com/security/analyses/w32delbotak.html
http://www.sophos.com/security/analyses/w32delbotaj.html
http://www.sophos.com/security/analyses/w32delbotai.html

" W32/Delbot-AK is a worm with backdoor functionality for the Windows 
platform.

W32/Delbot-AK spreads to other network computers by:
- Scanning network shares for weak passwords
- Exploiting common buffer overflow vulnerabilities
- Symantec (SYM06-010)
- Microsoft Security Advisory (935964): Vulnerability in RPC on Windows 
DNS Server Could Allow Remote Code Execution."


Geo. wrote:
> So far this morning we seen 4 customers infected with what appears to be an
> MS DNS RPC based worm.
>
> Anyone seen any news on this yet?
>
> Geo.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> .
>
>   

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] MS DNS worm
  - From: Geo.

Prev by Date: [Full-disclosure] MS DNS worm
Next by Date: Re: [Full-disclosure] UK ISP threatens security researcher
Previous by thread: [Full-disclosure] MS DNS worm
Next by thread: Re: [Full-disclosure] MS DNS worm
Index(es):
- Date
- Thread