RPC errors

Chris Reining creining at packetfu.org
Mon Aug 11 21:35:41 UTC 2003


On Mon, Aug 11, 2003 at 04:17:53PM -0400, Sean Donelan wrote:
> On Mon, 11 Aug 2003, Jack Bates wrote:
> > I'm showing signs of an RPC sweep across one of my networks that's
> > killing some XP machines (only XP confirmed). How widespread is this at
> > this time? Also, does anyone know if this is just generating a DOS
> > symptom or if I should be looking for backdoors in these client systems?
> 
> http://isc.sans.org/diary.html?date=2003-08-11
> The worm uses the RPC DCOM vulnerability to propagate. Once it finds a
> vulnerable system, it will spawn a shell and use it to download the actual
> worm via tftp.
> 
> The name of the binary is msblast.exe. It is packed with UPX and will self
> extract. The size of the binary is about 11kByte unpacked, and 6kBytes
> packed:

I have a copy of this worm at
  http://www.packetfu.org/malware/msblast.zip