lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu Sep  1 21:52:26 2005
From: smp.repicky at gmail.com (Matt)
Subject: No one else seeing the new MS05-039 worm yet?

Whatever you posted isn't anything "new." Look at what it's exploiting. It's 
LSASS and DCOM rolled up with PnP of this months. Which is Plug and Play not 
even UNIVERSAL PnP. So if it's scanning on port 5000 it's not gonna do 
anything. It needs to be looking on 445.
 The actual MS05-039 worm is nicknamed Zotob as released Aug 14th and has 
done considerable damage. Whatever this thing is that you've posted isn't 
worth looking at twice if those details are accurrate.
 http://www.securityfocus.com/news/11297 (*link to the arrest reported on 
SecurityFocus of the writers of the worm*)
  --

 On 8/30/05, fd@...nsci.us <fd@...nsci.us> wrote: 
> 
> On Mon, 29 Aug 2005, Vic Vandal wrote:
> 
> > I guess one can call it the Katrina worm until something better comes
> > along.
> > [...]
> > - Sticks a long line of hosts resolving to broadcast address in:
> > C:\WINNT\System32\Drivers\etc in hosts file.
> 
> Do we still have huge smurf networks in the wild or has that pretty much
> been resolved? A well coordinated smurf from a bunch of hosts as feeding
> points could make a spectacular DoS.
> 
> 
> --
> Eric Wheeler
> Vice President
> National Security Concepts, Inc.
> PO Box 3567
> Tualatin, OR 97062
> 
> http://www.nsci.us/
> Voice: (503) 293-7656
> Fax: (503) 885-0770
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050901/82397289/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ