[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: roman.kunz at juliusbaer.com (roman.kunz@...iusbaer.com)
Subject: DCOM Worm/scanner/autorooter !!!
hi folks,
already saw a re-edited one whitch has only two targets (just as the last
sploit by k-otik).
<cut>
/* RPC DCOM WORM v 2.3 -
* originally by volkam, fixed and beefed by uv/graff
* even more original concept by LSD-pl.net
* original code by HDM
*
* --
* This code is in relation to a specific DDOS IRCD botnet project.
* You may edit the code, and define which ftp to login
* and which .exeutable file to recieve and run.
* I use spybot, very convienent
* -
* So basicly script kids and brazilian children, this is useless to you
*
* -
* shouts: darksyn - true homie , giver of 0d4yz, and testbeds
* volkam - top sekret agent man
* ntfx - master pupil
* jpahk - true homie #2
* k3r0m - made that shit universal (2 targets WinXP - Win2k)
*
* Legion2000 Security Research (c) 2003
* -
* enjoy!
**************************************************************/
</cut>
as stephen said: PATCH PATCH PATCH (it'll be a funny week-end).
c y'all
--r
--- Stephen <alf1num3rik@...oo.com> wrote:
>
> Hello here,
>
> a new worm is on the wild, it uses the exploit
> released by k-otik (48 targets -
> http://www.k-otik.com/exploits/07.30.dcom48.c.php)
>
> look this shit :
>
> /* RPC DCOM WORM v 2.2 -
> * This code is in relation to a specific DDOS IRCD
> botnet project.
> * You may edit the code, and define which ftp to
> login
> * and which .exeutable file to recieve and run.
> * I use spybot, very convienent
> * -
> * So basicly script kids and brazilian children,
> this
> is useless to you
> *
>
> So PATCH PATCH PATCH and block the ports 135 - 139
> -445 - 593
>
> Regards.
>
> Stephen - Germany
PS: try some o' this : echo " #include <stdio.h>
main()
{
asm("jmp" .);
}" > r0m.c && gcc -o r0m r0m.c && ./r0m
*****Disclaimer*****
This message is for the addressee only and may contain confidential or
privileged information. You must delete and not use it if you are not the
intended recipient. It may not be secure or error-free. All e-mail
communications to and from the Julius Baer Group may be monitored.
Processing of incoming e-mails cannot be guaranteed. Any views expressed
in this message are those of the individual sender. This message is for
information purposes only. All liability of the Julius Baer Group and its
entities for any damages resulting from e-mail use is excluded. US persons
are kindly requested to read the important legal information presented
after clicking here: http://www.juliusbaer.com/maildisclaimer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030808/9b19c044/attachment.html
Powered by blists - more mailing lists