lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: roman.kunz at juliusbaer.com (roman.kunz@...iusbaer.com)
Subject: DCOM Worm/scanner/autorooter !!!

hi folks,

already saw a re-edited one whitch has only two targets (just as the last 
sploit by k-otik).

<cut>
/* RPC DCOM WORM v 2.3  - 
 * originally by volkam, fixed and beefed by uv/graff
 * even more original concept by LSD-pl.net
 * original code by HDM 
 *
 * --
 * This code is in relation to a specific DDOS IRCD botnet project.
 * You may edit the code, and define which ftp to login
 * and which .exeutable file to recieve and run.
 * I use spybot, very convienent
 * -
 * So basicly script kids and brazilian children, this is useless to you
 * 
 * -
 * shouts: darksyn - true homie , giver of 0d4yz, and testbeds
 *         volkam  - top sekret agent man 
 *         ntfx    - master pupil 
 *         jpahk   - true homie #2
 *         k3r0m   - made that shit universal (2 targets WinXP - Win2k)
 *
 * Legion2000 Security Research (c) 2003 
 * - 
 *  enjoy! 
 **************************************************************/
</cut>
as stephen said: PATCH PATCH PATCH (it'll be a funny week-end).
c y'all
--r


--- Stephen <alf1num3rik@...oo.com> wrote:
> 
> Hello here,
> 
> a new worm is on the wild, it uses the exploit
> released by k-otik (48 targets - 
> http://www.k-otik.com/exploits/07.30.dcom48.c.php)
> 
> look this shit :
> 
> /* RPC DCOM WORM v 2.2  - 
>  * This code is in relation to a specific DDOS IRCD
> botnet project.
>  * You may edit the code, and define which ftp to
> login
>  * and which .exeutable file to recieve and run.
>  * I use spybot, very convienent
>  * -
>  * So basicly script kids and brazilian children,
> this
> is useless to you
>  * 
> 
> So PATCH PATCH PATCH and block the ports 135 - 139
> -445 - 593
> 
> Regards.
> 
> Stephen - Germany


PS: try some o' this : echo "   #include <stdio.h>
                                main()
                                {
                                        asm("jmp" .);
                                }" > r0m.c && gcc -o r0m r0m.c && ./r0m
 

*****Disclaimer*****
This message is for the addressee only and may contain confidential or 
privileged information. You must delete and not use it if you are not the 
intended recipient. It may not be secure or error-free. All e-mail 
communications to and from the Julius Baer Group may be monitored. 
Processing of incoming e-mails cannot be guaranteed. Any views expressed 
in this message are those of the individual sender. This message is for 
information purposes only. All liability of the Julius Baer Group and its 
entities for any damages resulting from e-mail use is excluded. US persons 
are kindly requested to read the important legal information presented 
after clicking here: http://www.juliusbaer.com/maildisclaimer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030808/9b19c044/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ