[Dshieldannounce] likely RPC worm captured. Moving to infocon 'yellow'
- Subject: [Dshieldannounce] likely RPC worm captured. Moving to infocon 'yellow'
- From: jullrich at sans.org (Johannes B. Ullrich)
- Date: Mon Aug 11 16:06:10 2003
This message was converted from multipart/signed to ascii armored
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
We received a copy of a binary that very much looks
like an RPC worm. Preliminary info:
- scans for port 135 as soon as it starts
- scans IPs sequentially (likely starting at a random
point)
more details will be posted at http://isc.sans.org as
they become available. Please submit code captures
and the like to '[EMAIL PROTECTED]'
--
SANS - Internet Storm Center
http://isc.sans.org
PGP Key: http://isc.sans.org/jullrich.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQA/N+5nR1p7hYJvB/wRAiHoAJ4hFhzPKKZSPuM5wBgU27jecBt4NQCfSsqQ
ShZovT65Uq41F+YvP98lwwUZA3
-----END PGP SIGNATURE-----
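
The two preliminary behaviours listed in the message (probes to port 135, destination IPs walked sequentially) can be checked for in connection logs. The following is an added example, not part of the original message or of ISC tooling; the log format ("epoch src dst dport"), the function names, the sample records and the run threshold of 5 are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records (not real traffic), format: "epoch src dst dport"
SAMPLE_LOG = """\
1060617970 192.0.2.77 198.51.100.10 135
1060617970 192.0.2.77 198.51.100.11 135
1060617971 192.0.2.77 198.51.100.12 135
1060617971 192.0.2.77 198.51.100.13 135
1060617971 192.0.2.77 198.51.100.14 135
1060617972 192.0.2.77 198.51.100.15 135
1060617975 203.0.113.5 198.51.100.40 135
1060617980 203.0.113.5 198.51.100.90 135
1060617990 203.0.113.5 198.51.100.12 135
1060617991 203.0.113.9 198.51.100.20 80
1060617992 203.0.113.9 198.51.100.21 80
"""

def parse(log):
    """Yield (src, dst_as_int, dport) per record, skipping malformed lines."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        _ts, src, dst, dport = fields
        try:
            yield src, int(ipaddress.IPv4Address(dst)), int(dport)
        except ValueError:  # bad address or port
            continue

def sequential_scanners(log, port=135, min_run=5):
    """Return {src: longest run of consecutive destination IPs} for sources
    whose probes to `port` step through addresses one at a time.
    Assumes records appear in arrival order."""
    dsts = defaultdict(list)
    for src, dst, dport in parse(log):
        if dport == port:
            dsts[src].append(dst)
    hits = {}
    for src, seq in dsts.items():
        best = run = 1
        for prev, cur in zip(seq, seq[1:]):
            run = run + 1 if cur == prev + 1 else 1  # reset on any gap
            best = max(best, run)
        if best >= min_run:
            hits[src] = best
    return hits

if __name__ == "__main__":
    print(sequential_scanners(SAMPLE_LOG))
```

A source that contacts port 135 on scattered addresses (the second host in the sample) is not flagged; only a sustained ascending walk is.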