RE: DCOM RPC exploit as a virus/trojan?

From: Dimitri Limanovski <dlimanov(at)sct.com>
Date: Fri Aug 01 2003 - 11:53:47 EDT

Major issue is that not just 135/137/139 are exploitable. Any IIS box with COM Internet Services installed is exploitable over 80/443 (you'll have to modify exploit for that) and any machine that has RPC over HTTP is exploitable on 593 tcp/udp as well. As far as trojaned version, it is a matter of time, as someone said. Full Disclosure list already posted a working exploit that will try to exploit more than one host at a time. More to follow, I'm sure. Feds agree: <http://www.msnbc.com/news/946460.asp?cp1=1>

Dimitri

"Benjamin D. Goldman"
08/01/2003 11:17 AM

To: "A. Bluecoat"
cc:
Subject: RE: DCOM RPC exploit as a virus/trojan?

If you can dream it up, it can be done.

If it can run on UDP - it can be done in such a way that will make it drearily impossible to stop.

-----Original Message-----
From: A. Bluecoat [mailto:abluecoat@hotmail.com]
Sent: Thursday, July 31, 2003 7:58 PM
To: focus-ms@securityfocus.com
Subject: DCOM RPC exploit as a virus/trojan?

Just wondering, a newbie question really; theoretically, could the Microsoft
RPC exploit be scripted to work in virus or trojan form?



Received on Fri Aug 1 11:56:36 2003
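
Added example, not part of the original thread: a defender-side audit of Windows `netstat -an` output for non-loopback listeners on the ports the top post names (135/137/139, 80/443, 593). The sample output, the `PORTS` table and the function names are constructed for this illustration; 80/443 matter only where COM Internet Services is installed, which netstat cannot show.

```python
import ipaddress

# Ports named in the post, with the condition the post attaches to each.
PORTS = {
    135: "RPC endpoint mapper",
    137: "NetBIOS name service",
    139: "NetBIOS session service",
    80: "HTTP: relevant only if COM Internet Services is installed",
    443: "HTTPS: relevant only if COM Internet Services is installed",
    593: "RPC over HTTP",
}

# Constructed sample of `netstat -an` output (not taken from the thread).
SAMPLE = """Active Connections
  Proto  Local Address     Foreign Address   State
  TCP    0.0.0.0:135       0.0.0.0:0         LISTENING
  TCP    0.0.0.0:445       0.0.0.0:0         LISTENING
  TCP    0.0.0.0:593       0.0.0.0:0         LISTENING
  TCP    127.0.0.1:80      0.0.0.0:0         LISTENING
  TCP    10.0.0.5:139      0.0.0.0:0         LISTENING
  TCP    10.0.0.5:49200    10.0.0.9:135      ESTABLISHED
  TCP    [::]:443          [::]:0            LISTENING
  UDP    0.0.0.0:135       *:*
  UDP    10.0.0.5:137      *:*
"""

def is_loopback(host):
    try:
        return ipaddress.ip_address(host.split("%")[0]).is_loopback
    except ValueError:
        return False  # unparseable address: report it rather than hide it

def exposed_listeners(netstat_text):
    """Return (proto, host, port, note) for reachable listeners on PORTS."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows have a state column; UDP rows do not (bound sockets only).
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue  # outbound or established sessions are not listeners
        host, _, port = local.rpartition(":")
        host, port = host.strip("[]"), int(port)
        if port in PORTS and not is_loopback(host):
            findings.append((proto, host, port, PORTS[port]))
    return findings

if __name__ == "__main__":
    for proto, host, port, note in exposed_listeners(SAMPLE):
        print(f"{proto:<4}{host}:{port:<6}{note}")
```
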

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:34 EDT

