lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <BFECJLFBIFPLBMGJOIMKGEILFCAA.rabbit@wnonline.net>
From: rabbit at wnonline.net (Adam)
Subject: Red Bull Worm

FYI - k-otik released a universal exploit that doesn't need 48 different
offsets.  It uses 2. One for win2k and one for XP. ( In case noone noticed )



Adam Richards
Network Administrator
WorldNet Communications, Inc.
318-213-9827 / Fax 318-213-8534
World Class Technology, Hometown Service


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Joel R.
Helgeson
Sent: Thursday, August 07, 2003 10:54 AM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Red Bull Worm


Lets see, the last big worm to exploit windows was named Code Red after the
Mountain Dew Code Red was brought to market.  Being that this worm is much
more effective than Code Red ever was, I say worm should be named Red Bull
as it is sure to exhibit much more energy than the Code Red worm.

---- Original Message -----
From: "Stephen" <alf1num3rik@...oo.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Thursday, August 07, 2003 5:25 AM
Subject: [Full-Disclosure] DCOM Worm/scanner/autorooter !!!


>
> Hello here,
>
> a new worm is on the wild, it uses the exploit
> released by k-otik (48 targets -
> http://www.k-otik.com/exploits/07.30.dcom48.c.php)
>
> look this shit :
>
> /* RPC DCOM WORM v 2.2  -
>  * This code is in relation to a specific DDOS IRCD
> botnet project.
>  * You may edit the code, and define which ftp to
> login
>  * and which .exeutable file to recieve and run.
>  * I use spybot, very convienent
>  * -
>  * So basicly script kids and brazilian children, this
> is useless to you
>  *
>
> So PATCH PATCH PATCH and block the ports 135 - 139
> -445 - 593
>
> Regards.
>
> Stephen - Germany
>
> __________________________________
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site design software
> http://sitebuilder.yahoo.com
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ