|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: RPC errors
On Mon, 11 Aug 2003, Jack Bates wrote: > Sean Donelan wrote: > > > http://isc.sans.org/diary.html?date=2003-08-11 > > The worm uses the RPC DCOM vulnerability to propagate. One it finds a > > vulnerable system, it will spawn a shell and use it to download the actual > > worm via tftp. > > > > The name of the binary is msblast.exe. It is packed with UPX and will self > > extract. The size of the binary is about 11kByte unpacked, and 6kBytes > > packed: Has anyone seen/heard of this virus propagating through email in any way? We appear to have been infected on a network that is very heavily firewalled from the outside, and are trying to track down possibly entry methods the worm might have had... - d. -- Dominic J. Eidson "Baruk Khazad! Khazad ai-menu!" - Gimli ------------------------------------------------------------------------------- http://www.the-infinite.org/ http://www.the-infinite.org/~dominic/
|