[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] RE: RE: MSblast worm
- To: full-disclosure@lists.netsys.com
- Subject: [Full-Disclosure] RE: RE: MSblast worm
- From: "Jasper Blackwell" <jasper599@hotmail.com>
- Date: Wed, 13 Aug 2003 06:02:04 +0100
Thanks for your answers all.
TC's answer raises an interesting question for me. Does anyone know what
exploit is being used as part of the MSBlast worm? I am aware that there are
different versions of the DCOM32 exploit, some of these versions require you
to determine what service pack is on the machine and others use the
universal offsets and therefore only require you to figure out whether it is
2000 or XP that is to be exploited. I am guessing here that as it may well
be the original DCOM32 exploit that the worm does not use the universal
offsets, can anyone give me a definite answer?
Also is anyone else in the situation that they have 2000 machines which are
pre SP3 which are not infected, and 2000 machines with SP3 or above that are
infected? Is there anyone out there with 2000 machines and SP2 or below that
are infected?
>The version we have here does not spread to W2000 boxes until they get SP3
>installed. Then they are immediately compromised. NT4 did not infect.
>
>tc
>
>Quoting Mike.Keighleylexicon.co.uk:
>
>>
>>Ah, yes. The vulnerability does indeed exist in NT. But with respect, what
>>Jasper asks is whether the *MSblast worm* affects NT ? The exploit code
>>and discussions on here seem to suggest it targets only 2000 and XP.
>>
>>Does *this exploit* target NT successfully ? Not that I have seen / heard.
>>Could an exploit be written which exploits NT ? Oh yes.
>>
>>--
>>Mike
_________________________________________________________________
Sign-up for a FREE BT Broadband connection today!
http://www.msn.co.uk/specials/btbroadband
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html