Martin, the way I infected a machine was I copied it to the %systemroot%\system32 then ran it. It won't do anything, but give it a little time; you will know you are infected, then the reg entry shows it. From there it goes out and tries to spread.

> -----Original Message-----
> From: gml [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 13, 2003 11:32 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: [Full-Disclosure] dobble-clicking msblast.exe
>
> I would think it would try to copy itself to %systemroot%\system32 find that
> it doesn't have access to overwrite msblast.exe and then just keep
> executing, but then again.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Nick FitzGerald
> Sent: Tuesday, August 12, 2003 11:20 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] dobble-clicking msblast.exe
>
> martin f krafft <[EMAIL PROTECTED]> wrote:
>
> > Does anyone know what happens if you run msblast.exe on an
> > uninfected system?
>
> It becomes infected and infective.
>
> There is nothing especially magical about the features of the worm
> program -- run it and it starts trying to spread (or to DoS
> windowsupdate.com depending on the date). Its function is certainly
> not affected by the way it gets onto a machine or whether it is
> launched by the exploit code or not (well, it may depend on some
> elevated privileges such as those it gets as local system from the
> RPC exploit code running, as it does, as part of a system service).
>
>
> --
> Nick FitzGerald
> Computer Virus Consulting Ltd.
> Ph/FAX: +64 3 3529854
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
