lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3F39AE70.17031.4DD94534@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: dobble-clicking msblast.exe

martin f krafft <madduck@...duck.net> wrote:

> Does anyone know what happens if you run msblast.exe on an
> uninfected system?

It becomes infected and infective.

There is nothing especially magical about the features of the worm 
program -- run it and it starts trying to spread (or to DoS 
windowsupdate.com depending on the date).  Its function is certainly 
not affected by the way it gets onto a machine or whether it is 
launched by the exploit code or not (well, it may depend on some 
elevated privileges such as the those it gets as local system from the 
RPC exploit code running, as it does, as part of a system service).


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ