RPC errors

• Previous message (by thread): RPC errors
• Next message (by thread): RPC errors
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The following came through dshield which warns about new worm:
---
To: dshieldannounce at dshield.org
Subject: [Dshieldannounce] likely RPC worm captured. Moving to infocon 'yellow'

We received a copy of a binary that very much looks
like an RPC worm. Preliminary info:

- scans for port 135 as soon as it starts
  point)

more details will be posted at http://isc.sans.org as
they become available. Please submit code captures
and the like to 'handlers at sans.org'

--
SANS - Internet Storm Center
http://isc.sans.org

On Mon, 11 Aug 2003, Jack Bates wrote:

> 
> I'm showing signs of an RPC sweep across one of my networks that's 
> killing some XP machines (only XP confirmed). How wide spread is this at 
> this time. Also, does anyone know if this is just generating a DOS 
> symptom or if I should be looking for backdoors in these client systems?
> 
> -Jack

• Previous message (by thread): RPC errors
• Next message (by thread): RPC errors
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]