Re: reports of DCOM worm on the loose...#3

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 08/11/03

  • Next message: Erich Vinson: "Re: reports of DCOM worm on the loose...#3"
    Date:         Mon, 11 Aug 2003 17:03:01 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    The registry key which is modified in order to make the worm propagate is;

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Value=Run

    Where the value is "windows auto update" = msblast.exe I just want to say LOVE YOU SAN!! bill

    If anyone can explain why this would actually run the MSBLAST.EXE please explain.

    Cheers,
    Russ - NTBugtraq Editor

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!

    With a growth rate exceeding 110%, the TICSA security practitioner
    certification is one of the hottest IT credentials available. And now, for
    a limited time, you can save 33% off of the TICSA certification exam! To
    learn more about the TICSA certification, and to register as a TICSA
    candidate online, just go to

    http://www.trusecure.com/offer/s0100/

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo


  • Next message: Erich Vinson: "Re: reports of DCOM worm on the loose...#3"

    Relevant Pages

    • Re: Alert: Microsoft Security Bulletin - MS03-039
      ... The way that Microsoft patched the new RPC Part II vulnerability ... Summer's Hottest Certification Just Got HOTTER! ... To learn more about the TICSA certification, ...
      (NT-Bugtraq)
    • WHERE ARE NT4 OLD PASSWORDS STORED
      ... Sorry if this bores many of you (being an NT4 question), ... Summer's Hottest Certification Just Got HOTTER! ... you can save 33% off of the TICSA certification exam! ...
      (NT-Bugtraq)
    • Re: Alert: Microsoft Security Bulletin - MS03-039
      ... Checking for both will fail since the files will be updated but the registry key is still there. ... Summer's Hottest Certification Just Got HOTTER! ... you can save 33% off of the TICSA certification exam! ...
      (NT-Bugtraq)
    • Firewalls and DCOM
      ... Never underestimate the lengths to which your users will inadvertently go through to infect a network;)" ... Summer's Hottest Certification Just Got HOTTER! ... you can save 33% off of the TICSA certification exam! ...
      (NT-Bugtraq)
    • Re: reports of DCOM worm on the loose...#3
      ... Name of registry key: ... Summer's Hottest Certification Just Got HOTTER! ... you can save 33% off of the TICSA certification exam! ...
      (NT-Bugtraq)