RE: First Dcom Worm on wild

Symantec has a little more information here http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html  

-----Original Message-----

From: Hayes, Bill [mailto:Bill.Hayes@owh.com] Sent: Monday, August 11, 2003 4:36 PM
To: Anthony Clendenen; Frank Nusko; focus-virus@securityfocus.com

McAfee just posted its prelminary description

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100547 .

-----Original Message-----

From: Anthony Clendenen [mailto:aclendenen@esri.com] Sent: Monday, August 11, 2003 3:24 PM
To: 'Frank Nusko'; focus-virus@securityfocus.com Subject: RE: First Dcom Worm on wild

http://isc.sans.org/diary.html?date=2003-08-11

RPC DCOM worm spreading.

-Anthony
   

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

-----Original Message-----

From: Frank Nusko [mailto:BrAinsTorM@quakenet.biz] Sent: Monday, August 11, 2003 12:37 PM
To: focus-virus@securityfocus.com
Subject: First Dcom Worm on wild

Today i detected the first worm on wild which spreads itself.

The executable is named msblast.exe and contains the strings:

"SAY LOVE YOU SAN!! Bill gates you make it possible"

as far as i covered from the compressed/packed exe it uses the 48 target

xpl.

After a succesful executing on your system it begins scanning other system

starting from 192.168.0.1 and going up all ip and classes.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

so long,

if you catch more informations lemme know them

regards

Frank