[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] No one else seeing the new MS05-039 worm yet?
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] No one else seeing the new MS05-039 worm yet?
- From: Matt <smp.repicky@xxxxxxxxx>
- Date: Thu, 1 Sep 2005 16:52:19 -0400
Whatever you posted isn't anything "new." Look at what it's exploiting. It's
LSASS and DCOM rolled up with PnP of this months. Which is Plug and Play not
even UNIVERSAL PnP. So if it's scanning on port 5000 it's not gonna do
anything. It needs to be looking on 445.
The actual MS05-039 worm is nicknamed Zotob as released Aug 14th and has
done considerable damage. Whatever this thing is that you've posted isn't
worth looking at twice if those details are accurrate.
http://www.securityfocus.com/news/11297 (*link to the arrest reported on
SecurityFocus of the writers of the worm*)
--
On 8/30/05, fd@xxxxxxxxxx <fd@xxxxxxxxxx> wrote:
>
> On Mon, 29 Aug 2005, Vic Vandal wrote:
>
> > I guess one can call it the Katrina worm until something better comes
> > along.
> > [...]
> > - Sticks a long line of hosts resolving to broadcast address in:
> > C:\WINNT\System32\Drivers\etc in hosts file.
>
> Do we still have huge smurf networks in the wild or has that pretty much
> been resolved? A well coordinated smurf from a bunch of hosts as feeding
> points could make a spectacular DoS.
>
>
> --
> Eric Wheeler
> Vice President
> National Security Concepts, Inc.
> PO Box 3567
> Tualatin, OR 97062
>
> http://www.nsci.us/
> Voice: (503) 293-7656
> Fax: (503) 885-0770
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/