Message-ID: <MKEAIJIPCGAHEFEJGDOCIEPELHAA.marc@eeye.com>
From: marc at eeye.com (Marc Maiffret)
Subject: DCOM Worm released

Transfers are done from the infected host.

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

| -----Original Message-----
| From: full-disclosure-admin@...ts.netsys.com
| [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Dennis
| Opacki
| Sent: Monday, August 11, 2003 2:41 PM
| To: Full-Disclosure (E-mail)
| Subject: Re: [Full-Disclosure] DCOM Worm released
|
|
|
| Can anyone confirm whether the tftp transfers appear to be solely from the
| hosts listed in the initial sans.org note (which now appear to have been
| taken down), or is the transfer done from the infecting host?
|
| TIA,
|
| -Dennis
|
| On Mon, 11 Aug 2003, Joey wrote:
|
| > They found a worm, but since it uses tftp servers that
| > can be taken down and since tftp is slow, it shouldn't
| > have much of an effect.
| >
| > "Scans sequentially for machines with open port 135,
| > starting at a presumably random IP address" - very
| > stupid way to spread!
| >
| > http://isc.sans.org/diary.html?date=2003-08-11
| >
| > _______________________________________________
| > Full-Disclosure - We believe in it.
| > Charter: http://lists.netsys.com/full-disclosure-charter.html
| >
|

