Re: reports of DCOM worm on the loose...#3
From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 08/11/03
- Previous message: Russ: "reports of DCOM worm on the loose - Report#2"
- Next in thread: Erich Vinson: "Re: reports of DCOM worm on the loose...#3"
- Reply: Erich Vinson: "Re: reports of DCOM worm on the loose...#3"
- Maybe reply: Russ: "Re: reports of DCOM worm on the loose...#3"
- Reply: Nick FitzGerald: "Re: reports of DCOM worm on the loose...#3"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 11 Aug 2003 17:03:01 -0400 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
The registry key which is modified in order to make the worm propagate is;
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Value=Run
Where the value is "windows auto update" = msblast.exe I just want to say LOVE YOU SAN!! bill
If anyone can explain why this would actually run the MSBLAST.EXE please explain.
Cheers,
Russ - NTBugtraq Editor
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!
With a growth rate exceeding 110%, the TICSA security practitioner
certification is one of the hottest IT credentials available. And now, for
a limited time, you can save 33% off of the TICSA certification exam! To
learn more about the TICSA certification, and to register as a TICSA
candidate online, just go to
http://www.trusecure.com/offer/s0100/
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
- Previous message: Russ: "reports of DCOM worm on the loose - Report#2"
- Next in thread: Erich Vinson: "Re: reports of DCOM worm on the loose...#3"
- Reply: Erich Vinson: "Re: reports of DCOM worm on the loose...#3"
- Maybe reply: Russ: "Re: reports of DCOM worm on the loose...#3"
- Reply: Nick FitzGerald: "Re: reports of DCOM worm on the loose...#3"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
