Re: reports of DCOM worm on the loose...#3

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 08/11/03

  • Next message: Erich Vinson: "Re: reports of DCOM worm on the loose...#3"
    Date:         Mon, 11 Aug 2003 17:03:01 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    The registry key which is modified in order to make the worm propagate is;

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Value=Run

    Where the value is "windows auto update" = msblast.exe I just want to say LOVE YOU SAN!! bill

    If anyone can explain why this would actually run the MSBLAST.EXE please explain.

    Cheers,
    Russ - NTBugtraq Editor

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!

    With a growth rate exceeding 110%, the TICSA security practitioner
    certification is one of the hottest IT credentials available. And now, for
    a limited time, you can save 33% off of the TICSA certification exam! To
    learn more about the TICSA certification, and to register as a TICSA
    candidate online, just go to

    http://www.trusecure.com/offer/s0100/

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo


  • Next message: Erich Vinson: "Re: reports of DCOM worm on the loose...#3"