Re: What the heck is this msblast.exe

From: Jay Woody (jay_woody_at_tnb.com)
Date: 08/12/03

Next message: Lee_Fisher_at_NAI.com: "RE: What the heck is this msblast.exe"

Previous message: Garrick Strom: "RE: What the heck is this msblast.exe"
Maybe in reply to: Minchu Mo: "What the heck is this msblast.exe"
Next in thread: Lee_Fisher_at_NAI.com: "RE: What the heck is this msblast.exe"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 11 Aug 2003 17:23:37 -0500
To: <morris_minchu@iwon.com>, <focus-ms@securityfocus.com>

https://tms.symantec.com/members/AnalystReports/030811-Alert-DCOMworm.pdf

The new worm that hits the DCOM vuln. You should have been patched!
:(

JayW

>>> Minchu Mo <morris_minchu@iwon.com> 08/11/03 05:00PM >>>

The code resides in c:\winnt\system32.

It somehow change my registry and pretend to be Window autoupdate in
\Localsystem\software\microsoft\window\run, so it can run when I boot
the
machine. Now it sending out packet to random(?)IP 's endpoint port

defacement, data theft, sabotage and fraud.
KaVaDo is the only company that provides a complete suite of Web
application security products.
Download a FREE whitepaper on "Security Policy Automation for Web
Applications":http://www.securityfocus.com/Kavado-focus-ms
---------------------------------------------------------------------------

---------------------------------------------------------------------------
Your network firewall and IDS products do not prevent Web application
attacks - the most common form of online exploitation- resulting in Web
defacement, data theft, sabotage and fraud.
KaVaDo is the only company that provides a complete suite of Web
application security products.
Download a FREE whitepaper on "Security Policy Automation for Web
Applications":http://www.securityfocus.com/Kavado-focus-ms
---------------------------------------------------------------------------

Next message: Lee_Fisher_at_NAI.com: "RE: What the heck is this msblast.exe"

Previous message: Garrick Strom: "RE: What the heck is this msblast.exe"
Maybe in reply to: Minchu Mo: "What the heck is this msblast.exe"
Next in thread: Lee_Fisher_at_NAI.com: "RE: What the heck is this msblast.exe"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: What the heck is this msblast.exe
... Send data on TCP port 135 that may exploit the DCOM RPC vulnerabilty to ... the worm to be download and run using the program tftp. ... Your network firewall and IDS products do not prevent Web application ... Download a FREE whitepaper on "Security Policy Automation for Web ...
(Focus-Microsoft)
RE: What the heck is this msblast.exe
... Your network firewall and IDS products do not prevent Web application ... KaVaDo is the only company that provides a complete suite of Web ... Download a FREE whitepaper on "Security Policy Automation for Web ...
(Focus-Microsoft)
RE: DCOM RPC exploit as a virus/trojan?
... Your network firewall and IDS products do not prevent Web application ... attacks - the most common form of online exploitation- resulting in ... Download a FREE whitepaper on "Security Policy Automation for Web ...
(Focus-Microsoft)
RE: What the heck is this msblast.exe
... Your network firewall and IDS products do not prevent Web application ... Download a FREE whitepaper on "Security Policy Automation for Web ...
(Focus-Microsoft)
Re: DCOM worm is out
... > Your network firewall and IDS products do not prevent Web application ... > Download a FREE whitepaper on "Security Policy Automation for Web ...
(Focus-Microsoft)