FW: What the heck is this msblast.exe
Drew Weaver
drew.weaver at thenap.com
Tue Aug 12 14:10:08 UTC 2003
The real injustice is the 15k program someone sent to sec-focus that you
type in an IP address and it returns a command prompt on the target machine
(eek).
-Drew
-----Original Message-----
From: Rod Trent [mailto:rodtrent at yahoo.com]
Sent: Monday, August 11, 2003 6:45 PM
To: Lee_Fisher at NAI.com; morris_minchu at iwon.com; focus-ms at securityfocus.com
Subject: RE: What the heck is this msblast.exe
Medium???? That's an irresponsible rating, considering that both MS and the
Department of Homeland Security have listed the vulnerability as critical.
-----Original Message-----
From: Lee_Fisher at NAI.com [mailto:Lee_Fisher at NAI.com]
Sent: Monday, August 11, 2003 6:27 PM
To: morris_minchu at iwon.com; focus-ms at securityfocus.com
Subject: RE: What the heck is this msblast.exe
From your description I would imagine it to be the Blaster (we called it
W32/Lovsan.worm).
Many posts on forums - we list it as a Medium On Watch alert - other AV orgs
have a similar classification.
http://vil.nai.com/vil/content/v_100547.htm
Lee Fisher
Solutions Architect
McAfee Product Management
-----Original Message-----
From: Minchu Mo
To: focus-ms at securityfocus.com
Sent: 11/08/03 15:00
Subject: What the heck is this msblast.exe
The code resides in c:\winnt\system32.
It somehow changed my registry and pretends to be Windows autoupdate in
\Localsystem\software\microsoft\window\run, so it can run when I boot the
machine. Now it is sending out packets to random(?) IP's endpoint port
---------------------------------------------------------------------------
Your network firewall and IDS products do not prevent Web application
attacks - the most common form of online exploitation - resulting in Web
defacement, data theft, sabotage and fraud.
KaVaDo is the only company that provides a complete suite of Web application
security products.
Download a FREE whitepaper on "Security Policy Automation for Web
Applications": http://www.securityfocus.com/Kavado-focus-ms
---------------------------------------------------------------------------
More information about the NANOG mailing list