| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <000401c361c9$310c3430$250a640a@navi> From: gml at phrick.net (gml) Subject: dobble-clicking msblast.exe I would think it would try to copy itself to %systemroot%\system32 find that it doesn't have access to overwrite msblast.exe and then just keep executing, but then again. -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Nick FitzGerald Sent: Tuesday, August 12, 2003 11:20 AM To: full-disclosure@...ts.netsys.com Subject: Re: [Full-Disclosure] dobble-clicking msblast.exe martin f krafft <madduck@...duck.net> wrote: > Does anyone know what happens if you run msblast.exe on an > uninfected system? It becomes infected and infective. There is nothing especially magical about the features of the worm program -- run it and it starts trying to spread (or to DoS windowsupdate.com depending on the date). Its function is certainly not affected by the way it gets onto a machine or whether it is launched by the exploit code or not (well, it may depend on some elevated privileges such as the those it gets as local system from the RPC exploit code running, as it does, as part of a system service). -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists