[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <001501c3605f$8caea040$250a640a@navi>
From: gml at phrick.net (gml)
Subject: msblast
Does anyone know if it somehow disables the ability to use Windows Update
features?
For some reason I can no longer run windows update, I'm going to look into
it.
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of harq deman
Sent: Monday, August 11, 2003 5:31 PM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] msblast
yawn.. OK.. the worm.. again
It scans a randon b class based on the current hosts address
it does not kill any AV products or firewalls
it does not hide processes, files or network activity from the kernel
when it packets windowsupdate.com on the 16th, it spoofs the last 2 octets
of the source ip address, and continues to scan
D-.. must try harder
--harq
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030811/b899c944/attachment.html
Powered by blists - more mailing lists