RE: [Full-Disclosure] dobble-clicking msblast.exe



Martin,

The way I infected a machine was I copied it to %systemroot%\system32,
then ran it. It won't do anything, but give it a little time; you will
know you are infected, then the reg entry shows it. From there it goes
out and tries to spread.





> -----Original Message-----
> From: gml [mailto:gml@phrick.net]
> Sent: Wednesday, August 13, 2003 11:32 AM
> To: nick@virus-l.demon.co.uk; full-disclosure@lists.netsys.com
> Subject: RE: [Full-Disclosure] dobble-clicking msblast.exe
> 
> I would think it would try to copy itself to %systemroot%\system32,
> find that it doesn't have access to overwrite msblast.exe and then
> just keep executing, but then again.
> 
> -----Original Message-----
> From: full-disclosure-admin@lists.netsys.com
> [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Nick
> FitzGerald
> Sent: Tuesday, August 12, 2003 11:20 AM
> To: full-disclosure@lists.netsys.com
> Subject: Re: [Full-Disclosure] dobble-clicking msblast.exe
> 
> martin f krafft <madduck@madduck.net> wrote:
> 
> > Does anyone know what happens if you run msblast.exe on an
> > uninfected system?
> 
> It becomes infected and infective.
> 
> There is nothing especially magical about the features of the worm
> program -- run it and it starts trying to spread (or to DoS
> windowsupdate.com depending on the date).  Its function is certainly
> not affected by the way it gets onto a machine or whether it is
> launched by the exploit code or not (well, it may depend on some
> elevated privileges such as those it gets as local system from the
> RPC exploit code running, as it does, as part of a system service).
> 
> 
> --
> Nick FitzGerald
> Computer Virus Consulting Ltd.
> Ph/FAX: +64 3 3529854
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html