RE: What the heck is this msblast.exe

From: Garrick Strom <Garrick.Strom(at)LifeWiseHealth.com>
Date: Mon Aug 11 2003 - 18:16:52 EDT

According to Symantec this is the long-awaited RPC exploiting worm. http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

-----Original Message-----
From: Minchu Mo [mailto:morris_minchu@iwon.com] Sent: Monday, August 11, 2003 3:00 PM
To: focus-ms@securityfocus.com
Subject: What the heck is this msblast.exe

The code resides in c:\winnt\system32.

It somehow change my registry and pretend to be Window autoupdate in

\Localsystem\software\microsoft\window\run, so it can run when I boot the

machine. Now it sending out packet to random(?)IP 's endpoint port

---

Your network firewall and IDS products do not prevent Web application attacks - the most common form of online exploitation- resulting in Web defacement, data theft, sabotage and fraud. KaVaDo is the only company that provides a complete suite of Web application security products.
Download a FREE whitepaper on "Security Policy Automation for Web Applications":http://www.securityfocus.com/Kavado-focus-ms

---

---

Your network firewall and IDS products do not prevent Web application attacks - the most common form of online exploitation- resulting in Web defacement, data theft, sabotage and fraud. KaVaDo is the only company that provides a complete suite of Web application security products.
Download a FREE whitepaper on "Security Policy Automation for Web Applications":http://www.securityfocus.com/Kavado-focus-ms

---

Received on Mon Aug 11 18:29:54 2003