Full Disclosure mailing list archives
RE: DCOM Worm?
From: Matt Bell <matt.bell () ladarling com>
Date: Mon, 11 Aug 2003 15:22:47 -0500
Yup.. confirmed here. Already had it hit a user, it saves itself as c:\%systemroot%\system32\msblast.exe See here: http://isc.sans.org/diary.html?date=2003-08-11
-----Original Message----- From: Carl Sager [mailto:orniter () yahoo com] Sent: Monday, August 11, 2003 2:52 PM To: full-disclosure () lists netsys com Subject: [Full-disclosure] DCOM Worm? I'm working as a technician and have had 3 people from the local area call within the last hour about a problem with having their computer shut down after giving a one minute warning. This only happens when they have an internet connection - if they boot up with a network cable plugged in, even if they don't have a browser or any other apps open, it'll shut down. It looks like they're all running NT/2k/XP as well - is this a DCOM worm? __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- DCOM Worm? Carl Sager (Aug 11)
- Re: DCOM Worm? Daniel Harrison (Aug 11)
- Re: DCOM Worm? Tobias Heide (Aug 11)
- Re: DCOM Worm? morning_wood (Aug 11)
- <Possible follow-ups>
- RE: DCOM Worm? Matt Bell (Aug 11)
- DCOM Worm? Carl Sager (Aug 11)
- Re: DCOM Worm? Jordan Wiens (Aug 11)
- Re: DCOM Worm? Carl Sager (Aug 11)
- Re: DCOM Worm? Jordan Wiens (Aug 11)
- RE: DCOM Worm? p00lshark (Aug 11)
- Re: DCOM Worm? Daniel Harrison (Aug 11)