Here's more on the new Windows RPC/DCOM worm. This one seems pretty simple so far. It does most of what you may have seen on isc.sans.org:
- exploits via port 135/RPC.
- downloads binary (msblast.exe) via tftp.
- adds a registry key to re-start after reboot

AND:
- On the 16th, syn-floods (with spoofed sources) windowsupdate.com.

--
Craig Baltes GCIA, CCSE
Senior Information Security Analyst
LURHQ corp.
www.lurhq.com
[EMAIL PROTECTED]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
