Full Disclosure mailing list archives
RE: possible MS03-026 worm?
From: "mobly99" <dhopper () ameritech net>
Date: Sun, 3 Aug 2003 09:25:39 -0500
FYI: Symantec's analysis http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.cir ebot.html -Dave
puts these files in %systemdrive% rpc.exe rpctest.exe tftpd.exe worm.exe lolx.exe also in %windir%\system32 lolx.exe dcomx.exe rpc.exe and dcomx.exe appear in the running tasks. I pulled samples of them and submitted to SARC. -Dave
Attachment:
smime.p7s
Description:
Current thread:
- possible MS03-026 worm? mobly99 (Aug 02)
- Re: possible MS03-026 worm? tcpdumb (Aug 02)
- Re: possible MS03-026 worm? CHeeKY (Aug 02)
- RE: possible MS03-026 worm? mobly99 (Aug 02)
- Re: possible MS03-026 worm? CHeeKY (Aug 02)
- <Possible follow-ups>
- RE: possible MS03-026 worm? mobly99 (Aug 02)
- RE: RE: possible MS03-026 worm? Justin Shin (Aug 02)
- Re: RE: possible MS03-026 worm? morning_wood (Aug 02)
- Re: RE: possible MS03-026 worm? CHeeKY (Aug 02)
- RE: possible MS03-026 worm? mobly99 (Aug 03)
- Re: possible MS03-026 worm? Georgi Guninski (Aug 03)
- Re: possible MS03-026 worm? tcpdumb (Aug 02)