Full Disclosure mailing list archives
RE: DCOM Worm?
From: <p00lshark () hushmail com>
Date: Mon, 11 Aug 2003 14:37:38 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec's Deepsight has a more detailed report than that up. Check this link: https://tms.symantec.com/members/AnalystReports/030811-Alert-DCOMworm.pdf My understanding is that this report is being constantly updated. On Mon, 11 Aug 2003 13:22:47 -0700 Matt Bell <matt.bell () ladarling com> wrote:
Yup.. confirmed here. Already had it hit a user, it saves itself as c:\%systemroot%\system32\msblast.exe See here: http://isc.sans.org/diary.html?date=2003-08-11-----Original Message----- From: Carl Sager [mailto:orniter () yahoo com] Sent: Monday, August 11, 2003 2:52 PM To: full-disclosure () lists netsys com Subject: [Full-disclosure] DCOM Worm? I'm working as a technician and have had 3 people from the local area call within the last hour about a problem with having their computer shut down after giving a one minute warning. This only happens when they have an internet connection - if they boot up with a network cable plugged in, even if they don't have a browser or any other apps open, it'll shut down. It looks like they're all running NT/2k/XP as well - is this a DCOM worm? __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
-----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.3 wkYEARECAAYFAj84DKIACgkQvvKYUXI82a+roACaAzaEs0dyfQ+jYNhnKiZvl8lbv5EA n1spYdSOiyrmVyKskrETLsj6wXPk =UU6f -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- DCOM Worm? Carl Sager (Aug 11)
- Re: DCOM Worm? Daniel Harrison (Aug 11)
- Re: DCOM Worm? Tobias Heide (Aug 11)
- Re: DCOM Worm? morning_wood (Aug 11)
- <Possible follow-ups>
- RE: DCOM Worm? Matt Bell (Aug 11)
- DCOM Worm? Carl Sager (Aug 11)
- Re: DCOM Worm? Jordan Wiens (Aug 11)
- Re: DCOM Worm? Carl Sager (Aug 11)
- Re: DCOM Worm? Jordan Wiens (Aug 11)
- RE: DCOM Worm? p00lshark (Aug 11)
- Re: DCOM Worm? Daniel Harrison (Aug 11)