FYI - http://packetstorm.icx.fr/filedesc/dcomworm.zip.html
Is what Stephen was talking about. I wouldn't say its much of a worm, although I just briefly looked at it (as its 3:30am and I have to get up in the morning!) -Warren -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joey Sent: Friday, August 08, 2003 12:04 AM To: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] DCOM Worm/scanner/autorooter !!! So you are saying that the infected target also scans other computers for the dcom vulnerability? if so then it would be considered a worm. --- Stephen <[EMAIL PROTECTED]> wrote: > > Hello here, > > a new worm is on the wild, it uses the exploit > released by k-otik (48 targets - > http://www.k-otik.com/exploits/07.30.dcom48.c.php) > > look this shit : > > /* RPC DCOM WORM v 2.2 - > * This code is in relation to a specific DDOS IRCD > botnet project. > * You may edit the code, and define which ftp to > login > * and which .exeutable file to recieve and run. > * I use spybot, very convienent > * - > * So basicly script kids and brazilian children, > this > is useless to you > * > > So PATCH PATCH PATCH and block the ports 135 - 139 > -445 - 593 > > Regards. > > Stephen - Germany __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
