Full Disclosure mailing list archives
Re: MS DNS worm
From: "ad () heapoverflow com" <ad () heapoverflow com>
Date: Wed, 18 Apr 2007 15:28:10 +0200
http://www.sophos.com/security/analyses/w32delbotak.html http://www.sophos.com/security/analyses/w32delbotaj.html http://www.sophos.com/security/analyses/w32delbotai.html " W32/Delbot-AK is a worm with backdoor functionality for the Windows platform. W32/Delbot-AK spreads to other network computers by: - Scanning network shares for weak passwords - Exploiting common buffer overflow vulnerabilities - Symantec (SYM06-010) - Microsoft Security Advisory (935964): Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution." Geo. wrote:
So far this morning we seen 4 customers infected with what appears to be an MS DNS RPC based worm. Anyone seen any news on this yet? Geo. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- MS DNS worm Geo. (Apr 18)
- Re: MS DNS worm ad () heapoverflow com (Apr 18)
- <Possible follow-ups>
- Re: MS DNS worm Zed Qyves (Apr 18)
