Hosting Provided By

Re: What the heck is this msblast.exe

From: Jay Woody <jay_woody(at)tnb.com>
Date: Mon Aug 11 2003 - 18:23:37 EDT

https://tms.symantec.com/members/AnalystReports/030811-Alert-DCOMworm.pdf

The new worm that hits the DCOM vuln. You should have been patched! :(

JayW

>>> Minchu Mo <morris_minchu@iwon.com> 08/11/03 05:00PM >>>

The code resides in c:\winnt\system32.

It somehow change my registry and pretend to be Window autoupdate in \Localsystem\software\microsoft\window\run, so it can run when I boot the
machine. Now it sending out packet to random(?)IP 's endpoint port

Your network firewall and IDS products do not prevent Web application attacks - the most common form of online exploitation- resulting in Web

defacement, data theft, sabotage and fraud. KaVaDo is the only company that provides a complete suite of Web application security products.
Download a FREE whitepaper on "Security Policy Automation for Web Applications":http://www.securityfocus.com/Kavado-focus-ms

Your network firewall and IDS products do not prevent Web application attacks - the most common form of online exploitation- resulting in Web defacement, data theft, sabotage and fraud. KaVaDo is the only company that provides a complete suite of Web application security products.
Download a FREE whitepaper on "Security Policy Automation for Web Applications":http://www.securityfocus.com/Kavado-focus-ms

Received on Mon Aug 11 18:33:02 2003

This message: [ Message body ]
Next message: Lee_Fisher(at)NAI.com: "RE: What the heck is this msblast.exe"
Previous message: Garrick Strom: "RE: What the heck is this msblast.exe"
Maybe in reply to: Minchu Mo: "What the heck is this msblast.exe"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:34 EDT

Do you need help?