Re: New anti-blaster worm attempts to fix RPC/DCOM vuln - W32/Nachi.worm

From: J. Reilink (digiover_at_dsinet.org)
Date: 08/20/03


Date: Wed, 20 Aug 2003 14:00:10 +0200

R Green -WoWsat.com wrote:

> Wouldn't be surprised if Microsoft had released this worm in an effort to
> protect their own arse (ie. the windowsupdate site)..
>

Yeah, right... If you've read the article(s) you'd know that the worm does a
little more than patching the RPC DCOM hole. Among other things, it exploits
a vulnerability in NTDLL.DLL (MS03-007) and overwrites some files (such as
DLLHOST.EXE and SVCHOST.EXE).

-- 
Met vriendelijke groet / Best regards,
Jan Reilink
		Dutch Security Information Network,
		http://www.dsinet.org