RPC errors

Dominic J. Eidson sauron at the-infinite.org
Tue Aug 12 17:44:40 UTC 2003


On Mon, 11 Aug 2003, Jack Bates wrote:

> Sean Donelan wrote:
>
> > http://isc.sans.org/diary.html?date=2003-08-11
> > The worm uses the RPC DCOM vulnerability to propagate. One it finds a
> > vulnerable system, it will spawn a shell and use it to download the actual
> > worm via tftp.
> >
> > The name of the binary is msblast.exe. It is packed with UPX and will self
> > extract. The size of the binary is about 11kByte unpacked, and 6kBytes
> > packed:

Has anyone seen/heard of this virus propagating through email in any way?

We appear to have been infected on a network that is very heavily
firewalled from the outside, and are trying to track down possibly entry
methods the worm might have had...


 - d.

-- 
Dominic J. Eidson
                                        "Baruk Khazad! Khazad ai-menu!" - Gimli
-------------------------------------------------------------------------------
http://www.the-infinite.org/              http://www.the-infinite.org/~dominic/




More information about the NANOG mailing list