W32.Welchia.Worm studying
From: kowts (kowts_at_freesurf.fr)
Date: 10/29/03
Date: Wed, 29 Oct 2003 12:41:08 +0100
Hi All,
Has anyone done research on, or does anyone know, how this malware made the HTTP request
with Microsoft's WebDAV?
Does anyone know a web site talking about that?
Additionally, it also uses a WebDAV exploit in order to propagate to
vulnerable systems. For detailed information about the said exploit, please
refer to the following Microsoft Web page:
Microsoft Bulletin MS03-007
Using these exploits, it sends a shell code to a vulnerable system, which in
turn will execute a remote shell on the target system. The remote shell
connects to a randomly selected port between port 666 and port 765 of the
infected host where it receives commands to download the worm copy via TFTP.
Thanks for your help
Kowts.
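
An added example, not part of the original post or of any vendor's code: it correlates flow records for the sequence the quoted description gives, a TCP connection to a port from 666 to 765 followed by a TFTP request. The record format, the sample data, the five-minute window, and the assumption that the TFTP request goes to the same host as the shell connection are all assumptions of this example.

```python
from datetime import datetime, timedelta

SHELL_PORTS = range(666, 766)   # ports 666..765, as quoted in the post
TFTP_PORT = 69                  # standard TFTP port (UDP)
WINDOW = timedelta(minutes=5)   # assumed correlation window

# Constructed flow records: time, source, destination, protocol, dest port
SAMPLE_FLOWS = """\
2003-10-29T12:00:01 10.0.0.5 10.0.0.9 tcp 80
2003-10-29T12:00:03 10.0.0.9 10.0.0.5 tcp 707
2003-10-29T12:00:04 10.0.0.9 10.0.0.5 udp 69
2003-10-29T12:01:00 10.0.0.7 10.0.0.8 tcp 700
2003-10-29T12:30:00 10.0.0.7 10.0.0.8 udp 69
2003-10-29T12:02:00 10.0.0.3 10.0.0.4 udp 69
"""

def parse_flows(text):
    """Yield (time, src, dst, proto, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], parts[3].lower(), int(parts[4])

def find_suspect_pairs(text, window=WINDOW):
    """Return (host, peer, shell_port) where a TCP connection to a port in
    666-765 is followed within `window` by a TFTP request to the same peer."""
    pending = {}   # (src, dst) -> (time, port) of last shell-range connection
    hits = []
    for ts, src, dst, proto, dport in sorted(parse_flows(text)):
        if proto == "tcp" and dport in SHELL_PORTS:
            pending[(src, dst)] = (ts, dport)
        elif proto == "udp" and dport == TFTP_PORT and (src, dst) in pending:
            seen, port = pending.pop((src, dst))
            if ts - seen <= window:
                hits.append((src, dst, port))
    return hits

if __name__ == "__main__":
    for host, peer, port in find_suspect_pairs(SAMPLE_FLOWS):
        print(f"{host} -> {peer}: TCP port {port}, then TFTP request")
```

On the constructed sample, only the 10.0.0.9 to 10.0.0.5 pair is reported: the second pair falls outside the window and the third has no preceding connection in the port range.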