North American Network Operators Group

Re: RPC errors - DDoS on the 16th?
http://www.theinquirer.net/?article=10986

Has anyone else seen this claim? Somebody at F-Secure thinks the worm will begin a DDoS against windowsupdate.microsoft.com on the 16th.

At 03:08 PM 8/12/2003 -0700, you wrote:
>This should help some for people who are worried
>http://securityresponse.symantec.com/avcenter/FixBlast.exe
>
>-Henry
>
>"Steven M. Bellovin" <[email protected]> wrote:
>
>In message ,
>"Dominic J. Eidson" writes:
>>
>>On Mon, 11 Aug 2003, Jack Bates wrote:
>>
>>> Sean Donelan wrote:
>>>
>>> > http://isc.sans.org/diary.html?date=2003-08-11
>>> > The worm uses the RPC DCOM vulnerability to propagate. Once it finds a
>>> > vulnerable system, it will spawn a shell and use it to download the actual
>>> > worm via tftp.
>>> >
>>> > The name of the binary is msblast.exe. It is packed with UPX and will self
>>> > extract. The size of the binary is about 11kByte unpacked, and 6kBytes
>>> > packed:
>>
>>Has anyone seen/heard of this virus propagating through email in any way?
>>
>>We appear to have been infected on a network that is very heavily
>>firewalled from the outside, and are trying to track down possible entry
>>methods the worm might have had...
>
>A large number of networks have unknown and unauthorized back doors.
>If it's a decent-sized network and you haven't audited it, don't assume
>that the firewalling is effective. (My co-author on "Firewalls and
>Internet Security" book, Bill Cheswick, is CTO of a startup that maps
>intranets for just this reason.)
>
>
>--Steve Bellovin, http://www.research.att.com/~smb