RE: What the heck is this msblast.exe
From: Michael LaSalvia (mike_at_genxweb.net)
Date: 08/12/03
- Previous message: Rod Trent: "RE: What the heck is this msblast.exe"
- In reply to: Lee_Fisher_at_NAI.com: "RE: What the heck is this msblast.exe"
- Next in thread: James Montgomery: "RE: What the heck is this msblast.exe"
- Reply: James Montgomery: "RE: What the heck is this msblast.exe"
To: <Lee_Fisher@NAI.com>, <morris_minchu@iwon.com>, <focus-ms@securityfocus.com>
Date: Mon, 11 Aug 2003 18:47:15 -0400
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
The msblast.exe is the dcom worm that was just released earlier
today. Been seeing this in my IDS logs all day.
-----Original Message-----
From: Lee_Fisher@NAI.com [mailto:Lee_Fisher@NAI.com]
Sent: Monday, August 11, 2003 6:27 PM
To: morris_minchu@iwon.com; focus-ms@securityfocus.com
Subject: RE: What the heck is this msblast.exe
From your description I would imagine it to be the Blaster (We called it W32/Lovsan.worm)
Many posts on forums - We list it as a Medium On Watch alert - other AV orgs have a similar classification.
http://vil.nai.com/vil/content/v_100547.htm
Lee Fisher
Solutions Architect
McAfee Product Management
-----Original Message-----
From: Minchu Mo
To: focus-ms@securityfocus.com
Sent: 11/08/03 15:00
Subject: What the heck is this msblast.exe
The code resides in c:\winnt\system32.
It somehow changed my registry and pretends to be Window autoupdate in \Localsystem\software\microsoft\window\run, so it can run when I boot the machine. Now it is sending out packets to random(?) IP's endpoint port