[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <000701c35cfc$1a9a9c40$2e29fea9@Security>
From: joel at helgeson.com (Joel R. Helgeson)
Subject: Red Bull Worm
Lets see, the last big worm to exploit windows was named Code Red after the
Mountain Dew Code Red was brought to market. Being that this worm is much
more effective than Code Red ever was, I say worm should be named Red Bull
as it is sure to exhibit much more energy than the Code Red worm.
---- Original Message -----
From: "Stephen" <alf1num3rik@...oo.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Thursday, August 07, 2003 5:25 AM
Subject: [Full-Disclosure] DCOM Worm/scanner/autorooter !!!
>
> Hello here,
>
> a new worm is on the wild, it uses the exploit
> released by k-otik (48 targets -
> http://www.k-otik.com/exploits/07.30.dcom48.c.php)
>
> look this shit :
>
> /* RPC DCOM WORM v 2.2 -
> * This code is in relation to a specific DDOS IRCD
> botnet project.
> * You may edit the code, and define which ftp to
> login
> * and which .exeutable file to recieve and run.
> * I use spybot, very convienent
> * -
> * So basicly script kids and brazilian children, this
> is useless to you
> *
>
> So PATCH PATCH PATCH and block the ports 135 - 139
> -445 - 593
>
> Regards.
>
> Stephen - Germany
>
> __________________________________
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site design software
> http://sitebuilder.yahoo.com
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
Powered by blists - more mailing lists