lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: dotslash at snosoft.com (KF)
Subject: Red Bull Worm

>  targets[] =
>  {
>   { "[Win2k-Universal]", 0x0018759F },
>   { "[WinXP-Universal]", 0x0100139d },
> }, v;



http://packetstorm.linuxsecurity.com/filedesc/oc192-dcom.c.html
-KF


Adam wrote:
> FYI - k-otik released a universal exploit that doesn't need 48 different
> offsets.  It uses 2. One for win2k and one for XP. ( In case noone noticed )
> 
> 
> 
> Adam Richards
> Network Administrator
> WorldNet Communications, Inc.
> 318-213-9827 / Fax 318-213-8534
> World Class Technology, Hometown Service
> 
> 
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Joel R.
> Helgeson
> Sent: Thursday, August 07, 2003 10:54 AM
> To: full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] Red Bull Worm
> 
> 
> Lets see, the last big worm to exploit windows was named Code Red after the
> Mountain Dew Code Red was brought to market.  Being that this worm is much
> more effective than Code Red ever was, I say worm should be named Red Bull
> as it is sure to exhibit much more energy than the Code Red worm.
> 
> ---- Original Message -----
> From: "Stephen" <alf1num3rik@...oo.com>
> To: <full-disclosure@...ts.netsys.com>
> Sent: Thursday, August 07, 2003 5:25 AM
> Subject: [Full-Disclosure] DCOM Worm/scanner/autorooter !!!
> 
> 
> 
>>Hello here,
>>
>>a new worm is on the wild, it uses the exploit
>>released by k-otik (48 targets -
>>http://www.k-otik.com/exploits/07.30.dcom48.c.php)
>>
>>look this shit :
>>
>>/* RPC DCOM WORM v 2.2  -
>> * This code is in relation to a specific DDOS IRCD
>>botnet project.
>> * You may edit the code, and define which ftp to
>>login
>> * and which .exeutable file to recieve and run.
>> * I use spybot, very convienent
>> * -
>> * So basicly script kids and brazilian children, this
>>is useless to you
>> *
>>
>>So PATCH PATCH PATCH and block the ports 135 - 139
>>-445 - 593
>>
>>Regards.
>>
>>Stephen - Germany
>>
>>__________________________________
>>Do you Yahoo!?
>>Yahoo! SiteBuilder - Free, easy-to-use web site design software
>>http://sitebuilder.yahoo.com
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.netsys.com/full-disclosure-charter.html
>>
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ