From: cslyon at netsvcs.com (Christopher Lyon)
Subject: dobble-clicking msblast.exe

Martin,

The way I infected a machine was I copied it to the %systemroot%\system32
then ran it. It won't do anything but give it a little time, you will
know you are infected then the reg entry shows it. From there it goes
out and tries to spread.





> -----Original Message-----
> From: gml [mailto:gml@...ick.net]
> Sent: Wednesday, August 13, 2003 11:32 AM
> To: nick@...us-l.demon.co.uk; full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] dobble-clicking msblast.exe
> 
> I would think it would try to copy itself to %systemroot%\system32,
> find that it doesn't have access to overwrite msblast.exe and then
> just keep executing, but then again.
> 
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Nick
> FitzGerald
> Sent: Tuesday, August 12, 2003 11:20 AM
> To: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] dobble-clicking msblast.exe
> 
> martin f krafft <madduck@...duck.net> wrote:
> 
> > Does anyone know what happens if you run msblast.exe on an
> > uninfected system?
> 
> It becomes infected and infective.
> 
> There is nothing especially magical about the features of the worm
> program -- run it and it starts trying to spread (or to DoS
> windowsupdate.com depending on the date).  Its function is certainly
> not affected by the way it gets onto a machine or whether it is
> launched by the exploit code or not (well, it may depend on some
> elevated privileges such as those it gets as local system from the
> RPC exploit code running, as it does, as part of a system service).
> 
> 
> --
> Nick FitzGerald
> Computer Virus Consulting Ltd.
> Ph/FAX: +64 3 3529854
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

