| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040418143303.84F3D100BD@ws1-16.us4.outblaze.com> From: isec at europe.com (Willem Koenings) Subject: Super Worm > What it says is: > > "Possible combined exploits of MS vulnerabilities" > > "It has been a very quiet day, but we are hearing rumors of possible > 'super' exploits that may target several of the vulnerabilities > announced by Microsoft on Tuesday. We've been contacted by an > individual who have have been infected such an exploit, but > investigation of this is still underway." > > > I'm not sure that "possible 'super' exploits" - plural - translates > literally into "super worm" - singular. 'possible super exploits' and 'super worms' are terms that press would love. but staying in reality - even now out there is worms that are capable exploiting several vulnerabilities at the same time: W32.HLLW.Gaobot.AZ The worm uses multiple vulnerabilities to spread, including: The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135 The RPC locator vulnerability (described in Microsoft Security Bulletin MS03-001) using TCP port 445 The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80 http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.az.html no doubt, future worms are more and more capable exploiting several vulnerabilities at the same time. Willem -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm
Powered by blists - more mailing lists