Re: New anti-blaster worm attempts to fix RPC/DCOM vuln - W32/Nachi.worm

From: J. Reilink (digiover_at_dsinet.org)
Date: 08/20/03


Date: Wed, 20 Aug 2003 14:00:10 +0200

R Green -WoWsat.com wrote:

> Wouldn't be surprised if Microsoft had released this worm in an effort to
> protect their own arse (ie. the windowsupdate site)..
>

Yeah, right... If you've read the article(s) you'd know that the worm does a
little more than patching the RPC DCOM hole. Among other things, it exploits
a vulnerability in NTDLL.DLL (MS03-007) and overwrites some files (such as
DLLHOST.EXE and SVCHOST.EXE).

-- 
Met vriendelijke groet / Best regards,
Jan Reilink
		Dutch Security Information Network,
		http://www.dsinet.org


Relevant Pages

  • RE: [Full-disclosure] Zotob Worm Remover
    ... Todd, i would have to disagree with you on this issue, patching in my ... Subject: Zotob Worm Remover ... then bring the worm back right to the heart of the network the very next ... bypassing the firewall all together. ...
    (Full-Disclosure)
  • Re: [Full-Disclosure] When do exploits get used?
    ... >>worm writers are getting faster. ... >>patching as, at most, the easy, but most critical, 50%. ... If we don't patch, we're just left vulnerable. ... or mitigate over 90% of the vulnerabilities in Windows 2000. ...
    (Full-Disclosure)
  • RE: IPS, alternative solutions
    ... Will the worm use that same method? ... mechanisms that cover the same space as patching covers. ... known vulnerabilities, ... by pitching themselves as a combination of an IDS and a firewall. ...
    (Focus-IDS)
  • Re: [geek] vim help please
    ... Yeah, do what Alex does and use Notepad.exe;o) ... that's only used when he is reading and patching the entire ...
    (uk.misc)
  • Re: [Full-Disclosure] When do exploits get used?
    ... | first 0-day worm comes out. ... All the patching in the world doesn't ... | question of windows of vulnerability. ...
    (Full-Disclosure)