|
Full Disclosure
mailing list archives
Re: DCOM Worm released
From: daniel uriah clemens <daniel_clemens () autism birmingham-infragard org>
Date: Mon, 11 Aug 2003 17:38:41 +0000 (GMT)
Here are two more hosts that I didn't see on the list
68.9.149.129
24.162.143.130
On Mon, 11 Aug 2003, Dennis Opacki wrote:
Can anyone confirm whether the tftp transfers appear to be solely from the
hosts listed in the initial sans.org note (which now appear to have been
taken down), or is the transfer done from the infecting host?
TIA,
-Dennis
On Mon, 11 Aug 2003, Joey wrote:
They found a worm, but since it uses tftp servers that
can be taken down and since tftp is slow, it shouldnt
have much of an effect.
"Scans sequentially for machines with open port 135,
starting at a presumably random IP address" - very
stupid way to spread!
http://isc.sans.org/diary.html?date=2003-08-11
__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
-Daniel Uriah Clemens
Esse quam videra
(to be, rather than to appear)
-Moments of Sorrow are Moments of Sobriety
http://www.birmingham-infragard.org | 2053284200
fingerprint: EDF0 6566 2A4A 220E 5760 EA1F 0424 6DF6 F662 F5BD
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
 By Date 
By Thread
Current thread:
Re: DCOM Joey (Aug 11)
|
Intro
