RE: Billy Backdoor.

[John McNally]

VJay,   According to Symantec, the W32.Blaster.Worm is a worm that exploits the DCOM RPC vulnerability. It also creates a mutex named "BILLY" and listens on port 4444. See the page at:       http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of larosa, vjay Sent: Tuesday, August 12, 2003 11:43 AM To: [EMAIL PROTECTED] Subject: Billy Backdoor. Hello,   I have done some searching on the nessus list and have not seen anybody talking about this yet. The new billy worm opens up a hidden cmd.exe on port 4444. If I get packet captures of communication with this backdoor could somebody create a nessus plugin for this?   Thanks!   vjl   V.Jay LaRosa                  EMC Corporation Information Security         4400 Computer Dr. (508)898-7433 Office       Westboro, MA 01580 (508)962-1482 Cell           www.emc.com 888-799-9750 Pager         [EMAIL PROTECTED]