[Full-Disclosure] possible MS03-026 worm?

• Previous message: Jason Eberly: "[Full-Disclosure] Disabling DCOM: Ramifications?"
• Next in thread: tcpdumb: "Re: [Full-Disclosure] possible MS03-026 worm?"
• Reply: tcpdumb: "Re: [Full-Disclosure] possible MS03-026 worm?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <full-disclosure@lists.netsys.com>
Date: Sat, 2 Aug 2003 11:58:00 -0500

Seems to be a possible worm based on the RPC/DCOM exploit making the
rounds?

puts these files in %systemdrive%
rpc.exe
rpctest.exe
tftpd.exe
worm.exe
lolx.exe

also in %windir%\system32
lolx.exe
dcomx.exe

rpc.exe and dcomx.exe appear in the running tasks.

I pulled samples of them and submitted to SARC.

-Dave

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• application/x-pkcs7-signature attachment: smime.p7s

• Previous message: Jason Eberly: "[Full-Disclosure] Disabling DCOM: Ramifications?"
• Next in thread: tcpdumb: "Re: [Full-Disclosure] possible MS03-026 worm?"
• Reply: tcpdumb: "Re: [Full-Disclosure] possible MS03-026 worm?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]