North American Network Operators Group


FW: What the heck is this msblast.exe

  • From: Drew Weaver
  • Date: Tue Aug 12 09:50:06 2003


The real injustice is the 15k program someone sent to sec-focus that you
type in an IP address and it returns a command prompt on the target machine
(eek).

-Drew


-----Original Message-----
From: Rod Trent [mailto:[email protected]] 
Sent: Monday, August 11, 2003 6:45 PM
To: [email protected]; [email protected]; [email protected]
Subject: RE: What the heck is this msblast.exe

Medium????  That's an irresponsible rating, considering that both MS and the
Department of Homeland Security have listed the vulnerability as critical. 

-----Original Message-----
From: [email protected] [mailto:[email protected]] 
Sent: Monday, August 11, 2003 6:27 PM
To: [email protected]; [email protected]
Subject: RE: What the heck is this msblast.exe

From your description I would imagine it to be the Blaster (We called it
W32/Lovsan.worm)

Many posts on forums - We list it as a Medium On Watch alert - other AV orgs
have a similar classification.

http://vil.nai.com/vil/content/v_100547.htm

Lee Fisher
Solutions Architect
McAfee Product Management

-----Original Message-----
From: Minchu Mo
To: [email protected]
Sent: 11/08/03 15:00
Subject: What the heck is this msblast.exe



The code resides in c:\winnt\system32.

It somehow changed my registry and pretends to be Windows autoupdate in
\Localsystem\software\microsoft\window\run, so it can run when I boot the
machine.  Now it is sending out packets to random(?) IPs' endpoint port

------------------------------------------------------------------------
---
Your network firewall and IDS products do not prevent Web application
attacks - the most common form of online exploitation- resulting in Web
defacement, data theft, sabotage and fraud.
KaVaDo is the only company that provides a complete suite of Web application
security products.
Download a FREE whitepaper on "Security Policy Automation for Web
Applications":http://www.securityfocus.com/Kavado-focus-ms
------------------------------------------------------------------------
---


