
RE: What the heck is this msblast.exe

From: <Lee_Fisher(at)NAI.com>
Date: Mon Aug 11 2003 - 18:54:12 EDT


I agree that the vulnerability is critical, but this classification refers to the worm exploiting it.

Earlier exploits have not been as widespread as this worm is, and have been classified as low. We could not classify malware based on the risk assessment of the vulnerability alone - otherwise they would all be 'critical', and that is simply not accurate.

AVERT can and will change the risk assessment as and when required.

For more information about the AVERT RA, see:

http://www.avertlabs.com

Lee Fisher
Solutions Architect
McAfee Product Management

-----Original Message-----
From: Rod Trent
To: Fisher, Lee; morris_minchu@iwon.com; focus-ms@securityfocus.com
Sent: 11/08/03 15:44
Subject: RE: What the heck is this msblast.exe

Medium???? That's an irresponsible rating, considering that both MS and the
Department of Homeland Security have listed the vulnerability as critical.


-----Original Message-----
From: Lee_Fisher@NAI.com [mailto:Lee_Fisher@NAI.com]
Sent: Monday, August 11, 2003 6:27 PM
To: morris_minchu@iwon.com; focus-ms@securityfocus.com
Subject: RE: What the heck is this msblast.exe

From your description I would imagine it to be the Blaster (we called it
W32/Lovsan.worm)

Many posts on forums - We list it as a Medium On Watch alert - other AV orgs
have a similar classification.

http://vil.nai.com/vil/content/v_100547.htm

Lee Fisher
Solutions Architect
McAfee Product Management

-----Original Message-----
From: Minchu Mo
To: focus-ms@securityfocus.com
Sent: 11/08/03 15:00
Subject: What the heck is this msblast.exe

The code resides in c:\winnt\system32.

It somehow changed my registry and pretends to be Window autoupdate in
\Localsystem\software\microsoft\window\run, so it can run when I boot the
machine. Now it is sending out packets to random(?) IPs' endpoint port


---
Your network firewall and IDS products do not prevent Web application
attacks - the most common form of online exploitation- resulting in Web
defacement, data theft, sabotage and fraud.
KaVaDo is the only company that provides a complete suite of Web
application
security products.
Download a FREE whitepaper on "Security Policy Automation for Web
Applications":
http://www.securityfocus.com/Kavado-focus-ms
------------------------------------------------------------------------
---



Received on Tue Aug 12 09:40:13 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:34 EDT

