| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: pauls at utdallas.edu (Paul Schmehl) Subject: Windows RPC/DCOM - MSBlast Worm --On Monday, August 11, 2003 15:42:36 -0400 Craig Baltes <craig@...hq.com> wrote: > Here's more on the new Windows RPC/DCOM worm. > > This one seems pretty simple so far. It does most of what you may have > seen > on isc.sans.org: > - exploits via port 135/RPC. > - downloads binary (msblast.exe) via tftp. > - adds a registry key to re-start after reboot > > AND: > - On the 16th, syn-floods (with spoofed sources) windowsupdate.com. > >From the looks of it, the worm shouldn't have much problem doing that. So far I'm seeing hits from the following ISPs worldwide: verizon.net genuity.net shawcable.com attbi.com insightbb.com socal.rr.com adephia.net mindspring.com charterwv.net blueyonder.co.uk retevision.es pacbell.net sympatico.ca everett.wa.da.uu.net austin.rr.com nc.rr.com rochester.rr.com coastalnow.net videotron.ca radiant.net chartermi.net satx.rr.com Dallas1.level3.net Philadelphia.level3.net comcast.net fredericksburg2.va.da.uu.net holman.wa.da.uu.net seymour.in.da.uu.net nj.comcast.net mi.comcast.net ameritech.net pa.comcast.net cox.net airstreamcomm.net forward012.net.il numericable.fr wanadoo.fr aol.com telesp.net.br gvt.net.br bigpond.net.au optusnet.com.au netvigator.com mn.frontier.net dial.up.net corecomm.net ma.cable.rcn.com rasserver.net seed.net.tw hansenet.de chello.nl telia.com qualitynet.net dip.t-dialin.net tpnet.pl telia.com Paul Schmehl (pauls@...allas.edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu
Powered by blists - more mailing lists