RE: What the heck is this msblast.exe

From: Tim Mektrakarn (tim_at_loudpacket.com)
Date: 08/12/03

    Date: Mon, 11 Aug 2003 15:52:15 -0700
    To: <focus-ms@securityfocus.com>
    
    

    Does this virus attack explorer.exe? I found this on my server, ran the
    MS patch and NAV scans, and now every time explorer.exe launches it crashes
    immediately. I also have 2 instances of firedaemon.exe running, but NAV
    doesn't detect any viruses.

    Tim

    -----Original Message-----
    From: Garrick Strom [mailto:Garrick.Strom@LifeWiseHealth.com]
    Sent: Monday, August 11, 2003 3:17 PM
    To: Minchu Mo; focus-ms@securityfocus.com
    Subject: RE: What the heck is this msblast.exe

    According to Symantec this is the long-awaited RPC exploiting worm.
    http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

    -----Original Message-----
    From: Minchu Mo [mailto:morris_minchu@iwon.com]
    Sent: Monday, August 11, 2003 3:00 PM
    To: focus-ms@securityfocus.com
    Subject: What the heck is this msblast.exe

    The code resides in c:\winnt\system32.

    It somehow changed my registry and pretends to be Windows autoupdate in
    \Localsystem\software\microsoft\window\run, so it can run when I boot the
    machine. Now it is sending out packets to random(?) IP's endpoint port

    ------------------------------------------------------------------------

    ---
    Your network firewall and IDS products do not prevent Web application
    attacks - the most common form of online exploitation- resulting in Web
    defacement, data theft, sabotage and fraud.
    KaVaDo is the only company that provides a complete suite of Web
    application
    security products.
    Download a FREE whitepaper on "Security Policy Automation for Web
    Applications":http://www.securityfocus.com/Kavado-focus-ms
    ------------------------------------------------------------------------
    ---