[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Super Worm
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] Super Worm
- From: "Willem Koenings" <isec@xxxxxxxxxx>
- Date: Sun, 18 Apr 2004 09:33:03 -0500
> What it says is:
>
> "Possible combined exploits of MS vulnerabilities"
>
> "It has been a very quiet day, but we are hearing rumors of possible
> 'super' exploits that may target several of the vulnerabilities
> announced by Microsoft on Tuesday. We've been contacted by an
> individual who have have been infected such an exploit, but
> investigation of this is still underway."
>
>
> I'm not sure that "possible 'super' exploits" - plural - translates
> literally into "super worm" - singular.
'possible super exploits' and 'super worms' are terms that press would
love. but staying in reality - even now out there is worms that are
capable exploiting several vulnerabilities at the same time:
W32.HLLW.Gaobot.AZ
The worm uses multiple vulnerabilities to spread, including:
The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026)
using TCP port 135
The RPC locator vulnerability (described in Microsoft Security Bulletin
MS03-001) using TCP port 445
The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007)
using TCP port 80
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.az.html
no doubt, future worms are more and more capable exploiting several
vulnerabilities
at the same time.
Willem
--
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html