Re: New anti-blaster worm attempts to fix RPC/DCOM vuln - W32/Nachi.worm
From: J. Reilink (digiover_at_dsinet.org)
Date: Wed, 20 Aug 2003 14:00:10 +0200
R Green -WoWsat.com wrote:
> Wouldn't be surprised if Microsoft had released this worm in an effort to
> protect their own arse (ie. the windowsupdate site)..
Yeah, right... If you've read the article(s) you'd know that the worm does a
little more than patching the RPC DCOM hole. Among other things, it exploits
a vulnerability in NTDLL.DLL (MS03-007) and overwrites some files (such as
DLLHOST.EXE and SVCHOST.EXE).
-- Met vriendelijke groet / Best regards, Jan Reilink Dutch Security Information Network, http://www.dsinet.org